{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 7.995
      },
      {
        "name": "AnalysisInfo",
        "time": 0.01
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.818
      },
      {
        "name": "Debug",
        "time": 0.002
      },
      {
        "name": "NetworkAnalysis",
        "time": 0.024
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_360_libs",
        "time": 0.0
      },
      {
        "name": "antiav_ahnlab_libs",
        "time": 0.0
      },
      {
        "name": "antiav_avast_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bitdefender_libs",
        "time": 0.0
      },
      {
        "name": "antiav_bullguard_libs",
        "time": 0.0
      },
      {
        "name": "antiav_emsisoft_libs",
        "time": 0.0
      },
      {
        "name": "antiav_qurb_libs",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antiav_apioverride_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_ntcreatethreadex",
        "time": 0.0
      },
      {
        "name": "antiav_nthookengine_libs",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_setunhandledexceptionfilter",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "antisandbox_mouse_hook",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_objects",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_libs",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "hardware_id_profiling",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_disk",
        "time": 0.0
      },
      {
        "name": "antivm_generic_scsi",
        "time": 0.0
      },
      {
        "name": "antivm_generic_services",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_libs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_window",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_libs",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "bootkit",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "amsi_enumeration",
        "time": 0.0
      },
      {
        "name": "regsvr32_squiblydoo_dll_load",
        "time": 0.0
      },
      {
        "name": "suspicious_ntdll_disk_load",
        "time": 0.0
      },
      {
        "name": "direct_syscall_evasion",
        "time": 0.0
      },
      {
        "name": "unbacked_syscall_execution",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "uac_bypass_windows_Backup",
        "time": 0.0
      },
      {
        "name": "privilege_elevation_check",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "dump_lsa_via_windows_error_reporting",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "query_fips_reconnaissance",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dll_load_uncommon_file_types",
        "time": 0.0
      },
      {
        "name": "dllload_suspicious_directory",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "install_kernel_driver_service",
        "time": 0.0
      },
      {
        "name": "malformed_dll_loading",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "registers_vectored_exception_handler",
        "time": 0.0
      },
      {
        "name": "exec_crash",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "infostealer_keylog",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "injection_createremotethread",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_explorer",
        "time": 0.0
      },
      {
        "name": "injection_module_stomping_probing",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "injection_runpe",
        "time": 0.0
      },
      {
        "name": "injection_rwx",
        "time": 0.0
      },
      {
        "name": "section_mapping_injection",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "apc_injection",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_mutex",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_named_pipe",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_shared_memory",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "unbacked_exception_filter",
        "time": 0.0
      },
      {
        "name": "unbacked_process_mitigation_alteration",
        "time": 0.0
      },
      {
        "name": "thread_unbacked_memory",
        "time": 0.0
      },
      {
        "name": "unbacked_api_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_dotnet_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_library_load",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_apc_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_protection_alteration",
        "time": 0.0
      },
      {
        "name": "unbacked_mutex_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_process_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_veh_registration",
        "time": 0.0
      },
      {
        "name": "unbacked_com_instantiation",
        "time": 0.0
      },
      {
        "name": "unbacked_crypto_operations",
        "time": 0.0
      },
      {
        "name": "unbacked_delay_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_file_dropping",
        "time": 0.0
      },
      {
        "name": "unbacked_process_enumeration",
        "time": 0.0
      },
      {
        "name": "unbacked_registry_modification",
        "time": 0.0
      },
      {
        "name": "unbacked_service_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_token_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_wmi_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_bind_shell",
        "time": 0.0
      },
      {
        "name": "unbacked_dns_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_network_connection",
        "time": 0.0
      },
      {
        "name": "unbacked_named_pipe_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_useragent_retrieval",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "modify_zoneid_ads",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "etherhiding_smart_contract_call",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_com_load",
        "time": 0.0
      },
      {
        "name": "office_dotnet_load",
        "time": 0.0
      },
      {
        "name": "office_mshtml_load",
        "time": 0.0
      },
      {
        "name": "office_vb_load",
        "time": 0.0
      },
      {
        "name": "office_wmi_load",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "decompress_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "ransomware_iocp_asynchronous_encryption",
        "time": 0.0
      },
      {
        "name": "kernel_crypto_driver_abuse",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_extension_hijack",
        "time": 0.0
      },
      {
        "name": "mass_file_modification_access",
        "time": 0.0
      },
      {
        "name": "ransomware_attribute_stripping",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "mass_ransom_note_drop",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "recon_systeminfo",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_timeout",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "uiautomationcore_load",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "mmc_dll_script_load",
        "time": 0.0
      },
      {
        "name": "mmc_dotnet_load",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "byod_loldrivers_match",
        "time": 0.0
      },
      {
        "name": "byod_novel_driver",
        "time": 0.0
      },
      {
        "name": "byod_post_load_exploitation",
        "time": 0.0
      },
      {
        "name": "byod_driver_service_install",
        "time": 0.0
      },
      {
        "name": "com_spawned_process",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.0
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.0
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.0
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.0
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "pe_deep_entrypoint",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "pe_cert_invalid_signature",
        "time": 0.0
      },
      {
        "name": "pe_cert_self_signed",
        "time": 0.0
      },
      {
        "name": "pe_cert_suspicious_issuer",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "sigma_events",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "browser_credential_theft_headless",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.001
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.001
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.01
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.047
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.018
      },
      {
        "name": "antiav_detectreg",
        "time": 0.226
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.003
      },
      {
        "name": "antiemu_windefend",
        "time": 0.001
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.001
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.001
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.004
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.002
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.008
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.004
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.011
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.002
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.007
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.025
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.003
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.016
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.001
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.008
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.011
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.002
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.001
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "executes_headless_browser",
        "time": 0.0
      },
      {
        "name": "suspicious_browser_arguments",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.004
      },
      {
        "name": "checks_uac_status",
        "time": 0.001
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.0
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.001
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.001
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.001
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.001
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "folder_enumeration",
        "time": 0.002
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.001
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.001
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.011
      },
      {
        "name": "infostealer_ftp",
        "time": 0.082
      },
      {
        "name": "infostealer_im",
        "time": 0.046
      },
      {
        "name": "infostealer_mail",
        "time": 0.016
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.019
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.0
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.0
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.0
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.0
      },
      {
        "name": "network_tor_service",
        "time": 0.001
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.001
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.001
      },
      {
        "name": "persistence_ads",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_service",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.003
      },
      {
        "name": "ransomware_files",
        "time": 0.004
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.001
      },
      {
        "name": "recon_fingerprint",
        "time": 0.002
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.001
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.0
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.074
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.0
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "HTMLive.exe",
      "path": "/opt/CAPEv2/storage/binaries/dfc699781837e22302e61c78c7c4d39694b26a3dcc61da7d4e163bdcbb8f3434",
      "guest_paths": "",
      "size": 151040,
      "crc32": "350946E6",
      "md5": "dd8298f66e20ce262d9726dd72bcab0c",
      "sha1": "a4bc6e9479d4639bd3de2061e957fcac30bbc7c6",
      "sha256": "dfc699781837e22302e61c78c7c4d39694b26a3dcc61da7d4e163bdcbb8f3434",
      "sha512": "e41331e9de21c360b0db86028cf4ee82018a3f04e431a9b727f7a149cefde63085ddbcad466a1b3532429652e676ca8c8adcad7d182ce035b58263ea9ff0cab0",
      "rh_hash": null,
      "ssdeep": "3072:diCavxHdbxLytt25RRzmJVmbXQr1j5V1HbiPzaVNfE0yiC:tyzgVmbAr15j",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T1DAE3C52236D86757EA7D73B519F0002482F2ED164132E70E7C69716E0EF9742CFA2B5A",
      "sha3_384": "44366c6713a742f2a707203379e810ed2a5df052e59b8a84f42eff1ea8c4d9942d91f391affa55307b5b2aadb3eb7e06",
      "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
      "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "File not found: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\53\\HTMLive.exe",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x000224ee",
        "ep_bytes": "ff250020400000000000000000000000",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x000281a0",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": "C:\\Users\\Phillip\\documents\\visual studio 2010\\Projects\\livehtml\\livehtml\\obj\\x86\\Release\\livehtml.pdb",
        "imports": {
          "mscoree": {
            "dll": "mscoree.dll",
            "imports": [
              {
                "address": "0x402000",
                "name": "_CorExeMain"
              }
            ]
          }
        },
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x00022498",
            "size": "0x00000053"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00026000",
            "size": "0x00003f28"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x0002a000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00024000",
            "size": "0x0000001c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00002000",
            "size": "0x00000008"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00002000",
            "virtual_size": "0x000204f4",
            "size_of_data": "0x00020600",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x60000020",
            "entropy": "5.73"
          },
          {
            "name": ".sdata",
            "raw_address": "0x00020a00",
            "virtual_address": "0x00024000",
            "virtual_size": "0x0000009a",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "2.22"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00020c00",
            "virtual_address": "0x00026000",
            "virtual_size": "0x00003f28",
            "size_of_data": "0x00004000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "5.91"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00024c00",
            "virtual_address": "0x0002a000",
            "virtual_size": "0x0000000c",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.10"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_ICON",
            "offset": "0x00026440",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "6.01"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000268a8",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "6.19"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00027950",
            "size": "0x000025a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.96"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x00029ef8",
            "size": "0x00000030",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.49"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x00026148",
            "size": "0x000002f4",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "3.26"
          }
        ],
        "versioninfo": [
          {
            "name": "Translation",
            "value": "0x0000 0x04b0"
          },
          {
            "name": "CompanyName",
            "value": "12padams"
          },
          {
            "name": "FileDescription",
            "value": "livehtml"
          },
          {
            "name": "FileVersion",
            "value": "0.4.0.0"
          },
          {
            "name": "InternalName",
            "value": "livehtml.exe"
          },
          {
            "name": "LegalCopyright",
            "value": "Copyright © 12padams 2010"
          },
          {
            "name": "OriginalFilename",
            "value": "livehtml.exe"
          },
          {
            "name": "ProductName",
            "value": "livehtml"
          },
          {
            "name": "ProductVersion",
            "value": "0.4.0.0"
          },
          {
            "name": "Assembly Version",
            "value": "0.4.0.0"
          }
        ],
        "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
        "timestamp": "2010-11-21 12:05:22",
        "icon": "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",
        "icon_hash": "ad28893065a52c08b5a6a12d55314087",
        "icon_fuzzy": "65012ba4fce4a99e4b663d6321f8ef80",
        "icon_dhash": "1f49cc8ccccccd27",
        "imported_dll_count": 1
      },
      "data": null,
      "strings": [
        "CCS_Word_Spacing",
        "ShowDialog",
        "repeat-y:     The background image will be repeated vertically.",
        "startcode",
        "page and the text.",
        "DecorationToolStripMenuItem_Click",
        "set_SaveAsToolStripMenuItem",
        "_NewHorizontalItemToolStripMenuItem",
        "New Horizontal Item <td>",
        "set_HeadingsToolStripMenuItem",
        "Color",
        "CCSToolStripMenuItem",
        "get_LetterSpacingToolStripMenuItem",
        "AssemblyTrademarkAttribute",
        "m_CCS_Text_Align",
        "teroffact",
        "Possible  Format Methods:",
        "right top",
        "Value",
        "m_FormBeingCreated",
        "get_Items",
        "Local image locations will not display in the preview",
        "ComVisibleAttribute",
        "Javascript_Function",
        "LineHeightToolStripMenuItem_Click",
        "AlertBoxToolStripMenuItem",
        "ListsToolStripMenuItem",
        "get_IndentToolStripMenuItem",
        "m_CCS_Text_Shadow",
        "HtmL-ive 0.5.7 - by 12padams / ",
        "oldselstart",
        "set_OpenFileDialog1",
        "get_Heading4h4ToolStripMenuItem",
        "System.Threading",
        "get_ColorToolStripMenuItem",
        "Indent",
        "TextBox",
        "AssemblyProductAttribute",
        "System.Globalization",
        "get_CCS_Text_Color",
        "Minimum:",
        "set_TextBox1",
        "HtmlToolStripMenuItem",
        "DebuggableAttribute",
        "_ItaliciToolStripMenuItem",
        "Font weight is how bold the text is.",
        "_DecorationToolStripMenuItem",
        "sender",
        "superfrench",
        "_ColorToolStripMenuItem",
        "set_Checked",
        "text-shadow: ",
        "Background Image",
        "turalight bt",
        "BackgroundrepeatToolStripMenuItem_Click",
        "livehtml.Resources",
        "set_RichTextBox1",
        "_Heading6h6ToolStripMenuItem",
        "_SubscriptedsupToolStripMenuItem",
        "get_SubscriptedsupToolStripMenuItem",
        "_HorizontalToolStripMenuItem",
        "SplitToolStripMenuItem",
        "cademy engraved let",
        "_CCSCustomTagPropertiesToolStripMenuItem",
        "htmllinktext",
        "set_Label1",
        "set_Heading3h3ToolStripMenuItem",
        "HorizontalToolStripMenuItem",
        "FileDialog",
        "AssemblyFileVersionAttribute",
        "set_RandomNumberToolStripMenuItem",
        "$this.Icon",
        "set_CCS_Background_Image",
        "set_Label7",
        "Background Repeat",
        "FontToolStripMenuItem",
        "set_Title",
        "You also have the option of the % where 0% 0% is the top left corner",
        "set_TabIndex",
        "VerticalAlignToolStripMenuItem",
        "set_Heading5h5ToolStripMenuItem",
        "Label7",
        "set_WeightToolStripMenuItem",
        "that you want to have the text indented.",
        "mekanik let",
        "Concat",
        "A timeout in Javascript allows an action to be performed after a set time",
        "FunctionToolStripMenuItem_Click",
        "get_Panel1",
        "Fixed",
        "QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",
        "Javascript Random Number",
        "MyTemplate",
        "Conversions",
        "bolder",
        "SubscriptedsupToolStripMenuItem_Click",
        "TargetFrameworkAttribute",
        "want to have your image using x and y coordinates",
        "BackgroundimageToolStripMenuItem_Click",
        "ToDouble",
        "Settings",
        "This program will generate a random full number (without decimal places) between the min and max values set below",
        "While 100% 100% is the bottom right corner",
        "Alternate Text:",
        "</h3>",
        "get_UnderlineuToolStripMenuItem",
        "set_AToolStripMenuItem",
        "BackgroundcolorToolStripMenuItem_Click",
        "get_Controls",
        "Math.floor(Math.random()*",
        "set_ckblive",
        "arial",
        "</h6>",
        "get_SplitToolStripMenuItem",
        "</h1>",
        "the letters to overlap eachother",
        "AccessedThroughPropertyAttribute",
        "get_BoldToolStripMenuItem",
        "Y coordinate:",
        "Activator",
        "%BackgroundattachmentToolStripMenuItem",
        "rtl: The writing direction is right-to-left",
        "get_IsDisposed",
        "System.Diagnostics",
        "get_Forms",
        "arial black",
        "ccs_background_color",
        "balthazar",
        "Write",
        "CCS_Text_Color",
        "AToolStripMenuItem_Click",
        "WeightToolStripMenuItem_Click",
        "ControlCollection",
        "Instance",
        "NewItemToolStripMenuItem_Click",
        "left top",
        "Table Format Setup",
        "Link Text:",
        "set_CCS_Background_Attachment",
        "set_Form1",
        "get_RichTextBox1",
        "get_BackgroundrepeatToolStripMenuItem",
        "HorizontalToolStripMenuItem_Click",
        "_SaveAsToolStripMenuItem",
        "PHPStructureSetupToolStripMenuItem_Click",
        "get_Form1",
        "RandomNumberToolStripMenuItem",
        "repeat-y",
        "ComboBox1",
        "$5b21b810-a004-44e9-821c-1b0eb011ab4f",
        "CCSToolStripMenuItem1_Click",
        "_CodeToolStripMenuItem",
        "GetInstance",
        "britannic bold",
        "livehtml.CCS_Text_Direction.resources",
        "_TimedToolStripMenuItem",
        "AssemblyDescriptionAttribute",
        "RandomNumberToolStripMenuItem_Click",
        "LetterSpacingToolStripMenuItem_Click",
        "get_FileName",
        "ErrInfo",
        "Orientation",
        "set_Button1",
        "WeightToolStripMenuItem",
        "LinkToolStripMenuItem_Click",
        "bookman old style",
        "CCS_Font_Weight",
        "FunctionToolStripMenuItem",
        "Shadow",
        "get_TextBox4",
        "Synchronized",
        "SaveToolStripMenuItem",
        "coolsville",
        "ToolStripItemCollection",
        "</h4>",
        "WebBrowser",
        "TextToolStripMenuItem",
        "disposing",
        "trendy",
        "puppylike",
        "CCS_Letter_Spacing",
        "set_SaveFileDialog1",
        "<del>",
        "OnCreateMainForm",
        "get_BackgroundpositionToolStripMenuItem",
        "SaveTextToFile",
        "CCS Background Position",
        "get_BackgroundToolStripMenuItem",
        "background-repeat:",
        "set_htmllink",
        "get_DeleteddelToolStripMenuItem",
        "VerticalToolStripMenuItem_Click",
        "ObjectCollection",
        "_TableToolStripMenuItem",
        "_SplitToolStripMenuItem",
        "set_Heading6h6ToolStripMenuItem",
        "get_FontToolStripMenuItem",
        "BackgroundrepeatToolStripMenuItem",
        "set_ClientSize",
        "CCS Custom Tag Properties",
        "Table Heading  <th>",
        "get_Label6",
        "Direction",
        "A normal line height.",
        "v4.0.30319",
        "m_CCS_Text_Indent",
        "set_BackgroundpositionToolStripMenuItem",
        "set_DefaultExt",
        "</li>",
        "CCS Text Align",
        " BackgroundimageToolStripMenuItem",
        "_BackgroundattachmentToolStripMenuItem",
        "add_Click",
        "get_SaveFileDialog1",
        "_ImageList1",
        "Split",
        "get_LineHeightToolStripMenuItem",
        "monospace",
        "set_DeleteddelToolStripMenuItem",
        "get_SaveAsToolStripMenuItem1",
        "SuperscriptedsupToolStripMenuItem_Click",
        "AToolStripMenuItem",
        "set_Text",
        "Scroll",
        "get_DocumentTitle",
        "Application",
        "Javascript_Timeout",
        "get_TableToolStripMenuItem",
        "</h2>",
        "add_Shutdown",
        "set_TextToolStripMenuItem1",
        "Javascript Function",
        "get_AToolStripMenuItem",
        "set_Name",
        "livehtml.My.Resources",
        "_Label2",
        "_DirectionToolStripMenuItem",
        "SaveAsToolStripMenuItem1",
        "set_BackgroundcolorToolStripMenuItem",
        "_ShadowToolStripMenuItem",
        "capitalize",
        "overline",
        "Button",
        "underline:       Defines a line below the text",
        "UnorderedListulToolStripMenuItem",
        "Blur Radius:",
        "Choose Here",
        "_BackgroundcolorToolStripMenuItem",
        "System.IO",
        "ToolStrip",
        "set_CCS_Font_Size",
        "DesignerGeneratedAttribute",
        "set_DirectionToolStripMenuItem",
        "CCS_Line_Height",
        "set_Icon",
        "font-weight:",
        "CCS Letter Spacing",
        "Label9",
        "BackgroundattachmentToolStripMenuItem_Click",
        "* Hex - a hex value, like \"#0000FF\"",
        "ColorToolStripMenuItem_Click",
        "set_HTML_Image",
        "get_TextToolStripMenuItem",
        "set_Label3",
        "</h5>",
        "OpenFileDialog1",
        "set_NewRowtrToolStripMenuItem",
        "InvalidOperationException",
        "color:",
        "SaveAsToolStripMenuItem",
        "</table>",
        "m_CCS_Text_Direction",
        "get_Label1",
        "New Row <tr>",
        "Heading 1 <h1>",
        "CCS_Background_Image",
        "_NewItemToolStripMenuItem",
        "Label3",
        "set_CCS_Text_Indent",
        "livehtml.CCS_Font_Family.resources",
        "WinForms_RecursiveFormCreate",
        "ShutdownMode",
        "Label",
        "set_HtmlStructureToolStripMenuItem",
        "FontSizeToolStripMenuItem",
        "ViewToolStripMenuItem",
        "height",
        "impact",
        "background-position:",
        "transform the text",
        "get_Heading2h2ToolStripMenuItem",
        "set_NewItemToolStripMenuItem",
        "get_CheckState",
        "Line Height",
        "HideModuleNameAttribute",
        "Label8",
        "get_AlertBoxToolStripMenuItem",
        "WithEventsValue",
        "get_TextToolStripMenuItem1",
        "Time (ms):",
        "get_VerticalToolStripMenuItem",
        "_HeadingsToolStripMenuItem",
        "livehtml.CCS_Text_Indent.resources",
        "Underline <u>",
        " BackgroundcolorToolStripMenuItem",
        " none",
        "Maximum:",
        "components",
        "ImageList1",
        "<Module>",
        "matura mt script capitals",
        "Scroll: Background scrolls with the page",
        "set_Heading2h2ToolStripMenuItem",
        "m_CCS_Letter_Spacing",
        "m_CCS_Text_Transform",
        "CheckState",
        "CCSCustomTagPropertiesToolStripMenuItem",
        "ImageList",
        "_PHPStructureSetupToolStripMenuItem",
        "get_FileSystem",
        "set_LinkToolStripMenuItem",
        "get_BackgroundcolorToolStripMenuItem",
        "livehtml.CCS_background_Repeat.resources",
        "set_DecorationToolStripMenuItem",
        "MySettings",
        "get_NewHorizontalItemToolStripMenuItem",
        "get_DecorationToolStripMenuItem",
        "AssemblyTitleAttribute",
        "</HEAD>",
        "set_SubscriptedsupToolStripMenuItem",
        "VerticalToolStripMenuItem",
        "sans-serif",
        "get_ItaliciToolStripMenuItem",
        "get_SaveMySettingsOnExit",
        "set_MainForm",
        "line-through",
        "!This program cannot be run in DOS mode.",
        "remove_TextChanged",
        "Use Combo Box below to choose how you want",
        "if typed like this: \"/test.jpg\" but will appear when the user",
        "X coordinate:",
        "RichTextBox1_TextChanged",
        "length: ",
        "VarFileInfo",
        "My.Application",
        "_FontToolStripMenuItem",
        "set_ShadowToolStripMenuItem",
        "get_CCS_Text_Decoration",
        "</sup>",
        "livehtml.htmllink.resources",
        "get_Label3",
        "set_CCS_Letter_Spacing",
        "get_SelectionLength",
        "marlett",
        "GetObject",
        "System.Windows.Forms",
        "colonna mt",
        "get_GetInstance",
        "geotype tt",
        "Unordered List Setup <ul>",
        "ProductVersion",
        "AuthenticationMode",
        "ShadowToolStripMenuItem_Click",
        "get_HorizontalToolStripMenuItem",
        "DirectionToolStripMenuItem",
        "get_TextBox2",
        "_JavascriptToolStripMenuItem",
        "set_CCS_Background_Position",
        "get_VerticalAlignToolStripMenuItem",
        "livehtml.CCS_Text_Transform.resources",
        "livehtml.CCS_Font_Size.resources",
        "Link Location:",
        "MenuStrip",
        "DeleteddelToolStripMenuItem",
        "TextBox2",
        "book antiqua",
        "get_CCSToolStripMenuItem1",
        "set_SaveMySettingsOnExit",
        "\"PHPStructureSetupToolStripMenuItem",
        "Hashtable",
        "wingdings",
        "ServerComputer",
        "TextBox4",
        "Assembly Version",
        "TextToolStripMenuItem3",
        "text-align:",
        "CCSToolStripMenuItem1",
        "_ViewToolStripMenuItem",
        "lowercase",
        "MyProject",
        "vineta bt",
        "word-spacing:",
        "TimedToolStripMenuItem_Click",
        "cursive",
        "System.ComponentModel.Design",
        "add_CheckedChanged",
        "set_Label8",
        "SaveToolStripMenuItem_Click",
        "Assembly",
        "SaveFileDialog1",
        "set_SplitToolStripMenuItem",
        "set_UnorderedListulToolStripMenuItem",
        "background-color:",
        "set_CCSToolStripMenuItem1",
        "livehtml.CCS_Background_Attachment.resources",
        "_TextBox2",
        "livehtml.CCS_Text_Decoration.resources",
        "new york",
        "get_Heading5h5ToolStripMenuItem",
        "get_CCS_Font_Size",
        "get_SaveAsToolStripMenuItem",
        "Close",
        "Javascript Timeout",
        "century schoolbook",
        "GetString",
        "strData",
        "TextBoxBase",
        "set_Label6",
        "background-image:url('",
        "set_UseVisualStyleBackColor",
        "UriKind",
        "set_CCS_Font_Weight",
        "_MenuStrip1",
        "set_VerticalToolStripMenuItem",
        "simplex",
        "_VerticalAlignToolStripMenuItem",
        "set_MinimumSize",
        "RuntimeCompatibilityAttribute",
        "line-height:",
        "_BackgroundrepeatToolStripMenuItem",
        "left center",
        "Enter in the textbox the amount in pixels",
        "You also can specify the % from normal size (e.g. 50%)",
        "set_FontSizeToolStripMenuItem",
        "ObjectFlowControl",
        "RichTextBox1",
        "Not all browsers can display all fonts but you may type your",
        "get_CCS_Font_Family",
        "small",
        "ltr: The writing direction is left-to-right.",
        "set_BoldToolStripMenuItem",
        "x-large",
        "_SaveAsToolStripMenuItem1",
        "WebServices",
        "get_WebServices",
        "swis721 blkoul bt",
        "orange let",
        "Save website",
        "Image Url:",
        "Heading5h5ToolStripMenuItem",
        "000004b0",
        "set_Javascript_Timeout",
        "m_CCS_Font_Weight",
        "EditorBrowsableAttribute",
        "mscoree.dll",
        "Action:",
        "_ListItemliToolStripMenuItem",
        "EventArgs",
        "medium",
        "Monitor",
        "get_ckblive",
        "m_ccs_background_color",
        "the image was for any reason unable to be",
        "NewRowtrToolStripMenuItem",
        "System.Collections",
        "surfer",
        "Heading4h4ToolStripMenuItem_Click",
        "text-indent:",
        "set_TransformToolStripMenuItem",
        "set_IsSingleInstance",
        "set_AutoSize",
        "Property can only be set to Nothing",
        "m_CCS_Font_Size",
        "get_CCS_Letter_Spacing",
        "_LinkToolStripMenuItem",
        "get_TransformToolStripMenuItem",
        "font-family:'",
        "m_ThreadStaticValue",
        "loads the website. It is recommended to use your websites",
        "symbol",
        "<?php",
        "System.Runtime.CompilerServices",
        "`.sdata",
        "get_Heading3h3ToolStripMenuItem",
        ".rsrc",
        "TransformToolStripMenuItem_Click",
        "CCS Font Size",
        "width",
        "set_TextToolStripMenuItem",
        "CreateInstance",
        "UnderlineuToolStripMenuItem_Click",
        "UnderlineuToolStripMenuItem",
        "Heading4h4ToolStripMenuItem",
        "set_Culture",
        "<TITLE>This text is displayed in the title of the web browser</TITLE>",
        "AnchorStyles",
        "StreamWriter",
        "right center",
        "get_WebBrowser1",
        "Use the combobox below to chose where you want your image displayed:",
        "get_Default",
        "Heading1h1ToolStripMenuItem_Click",
        "_WebBrowser1",
        "set_BackgroundattachmentToolStripMenuItem",
        "m_CCS_Text_Color",
        "Word Spacing",
        "LinkToolStripMenuItem",
        "chasm",
        "_QuitToolStripMenuItem",
        "</td>",
        "livehtml.ccs_background_color.resources",
        "m_CCS_background_Repeat",
        "BackgroundpositionToolStripMenuItem_Click",
        "Leave \"Link Text\" blank if you have highlighted text",
        "get_Length",
        "get_SelectionStart",
        "Heading6h6ToolStripMenuItem_Click",
        "The \"blink\" value is not supported in IE, Chrome ",
        "get_OpenFileDialog1",
        "Object",
        "FontSizeToolStripMenuItem_Click",
        "SaveFileDialog",
        "IDisposable",
        "_StartJavascriptToolStripMenuItem",
        "alt='",
        "livehtml.CCS_Font_Weight.resources",
        "</script>",
        "set_EnableVisualStyles",
        "<BODY>",
        "superscripted <sup>",
        "NewHorizontalItemToolStripMenuItem",
        "ColorToolStripMenuItem",
        "Environment",
        "NewItemToolStripMenuItem",
        "Link Options",
        "john handy let",
        "thYO{vq",
        "helterskelter",
        "</HTML>",
        "HtmlStructureToolStripMenuItem",
        "_UnderlineuToolStripMenuItem",
        "m_CCS_customize_tag",
        "ReadAllText",
        "Resources",
        "alert('",
        "set_MaximumSize",
        "12padams",
        " StartJavascriptToolStripMenuItem",
        "_OpenFileDialog1",
        "CompilationRelaxationsAttribute",
        "set_TextBox4",
        "_TextToolStripMenuItem",
        "<HTML>",
        "set_MenuStrip1",
        "HeadingsToolStripMenuItem",
        "SettingsBase",
        "FileToolStripMenuItem",
        "<script type = 'text/javascript'>",
        "address when linking images.... Example below:",
        "KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator",
        "the text to be aligned on the page.",
        "x-small",
        "set_ComboBox1",
        "OrderedListorToolStripMenuItem_Click",
        "CCS_Font_Family",
        "My.Forms",
        "#BackgroundpositionToolStripMenuItem",
        "CCS Word Spacing",
        "get_UseCompatibleTextRendering",
        "get_NewItemToolStripMenuItem",
        "get_CCS_Background_Image",
        "ProductName",
        "PHPStructureSetupToolStripMenuItem",
        "get_CCS_Text_Transform",
        "matisse itc",
        "repeat-x",
        "htmllinklocation",
        "no-repeat:  The background-image will only appear once.",
        "set_ListsToolStripMenuItem",
        "set_Url",
        "IContainer",
        "set_CCS_Text_Color",
        "DockStyle",
        "ImageToolStripMenuItem",
        "resourceMan",
        "_TextToolStripMenuItem2",
        "technic",
        "set_LineHeightToolStripMenuItem",
        "Enter Tag Here:",
        "stylus bt",
        "_FileToolStripMenuItem",
        "CCS_Text_Align",
        "get_StartJavascriptToolStripMenuItem",
        "set_Heading1h1ToolStripMenuItem",
        "SaveAsToolStripMenuItem1_Click",
        "FileVersion",
        "set_SelectionStart",
        "_Heading2h2ToolStripMenuItem",
        "ResourceManager",
        "set_Javascript_Random_Number",
        "Background Position",
        "Horizontal",
        "livehtml.Javascript_Function.resources",
        "font-size:",
        "selectionamount",
        "_SaveFileDialog1",
        "Remove",
        "kino mt",
        "SystemColors",
        "Label1",
        "set_ItaliciToolStripMenuItem",
        "herman",
        "set_ShutdownStyle",
        "Dispose",
        "western",
        "Microsoft.VisualBasic",
        "_HtmlStructureToolStripMenuItem",
        "CheckForSyncLockOnValueType",
        "Lists",
        "set_Location",
        "TimedToolStripMenuItem",
        "4System.Web.Services.Protocols.SoapHttpClientProtocol",
        "GetHashCode",
        "get_Text",
        "Bold <b>",
        "dayton",
        "set_DocumentText",
        "get_ImageList1",
        "ContainsKey",
        "get_WeightToolStripMenuItem",
        "set_Label4",
        "tahoma",
        "_PHPToolStripMenuItem",
        "number: A number that will be multiplied with the font size to set the line height",
        "_Heading1h1ToolStripMenuItem",
        "InternalName",
        "You may either select a boldness number",
        "m_htmllink",
        "_NewRowtrToolStripMenuItem",
        "Color:",
        "CCS Font",
        "set_BackgroundToolStripMenuItem",
        "get_CCS_Text_Shadow",
        "_RandomNumberToolStripMenuItem",
        "right bottom",
        "InitializeComponent",
        "m_Javascript_Timeout",
        "scruff let",
        "symap",
        "get_CCS_Line_Height",
        "get_UnorderedListulToolStripMenuItem",
        "set_LetterSpacingToolStripMenuItem",
        "get_CodeToolStripMenuItem",
        "large",
        "instance",
        "CCS_Background_Attachment",
        "CCS Background Color",
        "_BackgroundToolStripMenuItem",
        "_BackgroundimageToolStripMenuItem",
        "GeneratedCodeAttribute",
        "Label10",
        "Html Structure Setup",
        "SubscriptedsupToolStripMenuItem",
        "set_BackColor",
        "_AToolStripMenuItem",
        "CCS_Text_Shadow",
        "set_Label2",
        "set_CCS_Word_Spacing",
        "</style> </head>",
        "StandardModuleAttribute",
        "livehtml.HTML_Image.resources",
        "WebBrowser1",
        "set_SaveToolStripMenuItem",
        "Culture",
        "xx-small",
        "_Heading4h4ToolStripMenuItem",
        "_ckblive",
        "_Button1",
        "livehtml.Javascript_Random_Number.resources",
        "get_PHPToolStripMenuItem",
        "braggadocio",
        "setTimeout('",
        "times new roman",
        "Weight",
        "</ol>",
        "_RichTextBox1",
        "HtmlStructureToolStripMenuItem_Click",
        "WinForms_SeeInnerException",
        "_Label6",
        "get_TextBox3",
        "set_OrderedListorToolStripMenuItem",
        "CCS Font Weight",
        "<table border='1'>",
        "set_AlertBoxToolStripMenuItem",
        "livehtml.CCS_customize_tag.resources",
        "capitalize:    First character of each word to uppercase",
        "Translation",
        "or you may select a type from the list below",
        "DebuggerStepThroughAttribute",
        "50px 50px ",
        "Component",
        "Button1",
        "normal:  ",
        "get_JavascriptToolStripMenuItem",
        "Dispose__Instance__",
        "set_MainMenuStrip",
        "System.Runtime.InteropServices",
        "IndentToolStripMenuItem_Click",
        "ComponentResourceManager",
        "BackgroundpositionToolStripMenuItem",
        "set_FormattingEnabled",
        "set_SplitterDistance",
        "Microsoft.VisualBasic.MyServices",
        "get_Javascript_Random_Number",
        "remove_CheckedChanged",
        "_Label3",
        "_ImageToolStripMenuItem",
        "Function",
        "ckblive",
        "repeat",
        "MyWebServices",
        "set_Orientation",
        "set_ScriptErrorsSuppressed",
        "Heading 4 <h4>",
        "set_Size",
        "ColorDepth",
        "add_TextChanged",
        "CCS Customize Tag",
        "OpenFileDialog",
        "automatically.",
        "get_ShadowToolStripMenuItem",
        "!BackgroundrepeatToolStripMenuItem",
        "get_ButtonFace",
        "MyGroupCollectionAttribute",
        "Form1",
        "AssemblyCompanyAttribute",
        "defaultInstance",
        "Select a repeat type from the combobox below:",
        "get_HeadingsToolStripMenuItem",
        "Control",
        "_IndentToolStripMenuItem",
        "AlertBoxToolStripMenuItem_Click",
        "trebuchet ms",
        "set_PHPStructureSetupToolStripMenuItem",
        "commercialscript bt",
        "Do not enter px at the end as it will be put in",
        "BeginInit",
        "Background Attachment",
        "highlight let",
        "TableFormatSetupToolStripMenuItem",
        "Vertical",
        "Label6",
        "_UnorderedListulToolStripMenuItem",
        "ListItemliToolStripMenuItem_Click",
        "Insert",
        "CheckBox",
        "ItaliciToolStripMenuItem_Click",
        "set_ColorToolStripMenuItem",
        "Label4",
        "_TableFormatSetupToolStripMenuItem",
        "CCS background Repeat",
        "Enter",
        "Point",
        "get_Application",
        "MenuStrip1",
        "System.CodeDom.Compiler",
        "Create__Instance__",
        "get_FontSizeToolStripMenuItem",
        "get_MenuStrip1",
        "!TableFormatSetupToolStripMenuItem",
        "ms linedraw",
        "get_FileToolStripMenuItem",
        "<a href='",
        "STAThreadAttribute",
        "get_CCS_Text_Direction",
        "Table",
        "</BODY>",
        "ComboBox",
        "monaco",
        "set_CCS_Font_Family",
        "ShadowToolStripMenuItem",
        "Select the type of text decoration you want from",
        "My.User",
        "underline",
        "get_ResourceManager",
        "set_ViewToolStripMenuItem",
        "_LineHeightToolStripMenuItem",
        "get_CCS_customize_tag",
        "BackgroundattachmentToolStripMenuItem",
        "#Blob",
        "FontToolStripMenuItem_Click",
        "set_ImageList1",
        "DialogResult",
        "RuntimeTypeHandle",
        "amaze",
        "_Label8",
        "CCS Text Direction",
        "victorian let",
        "CCS_Background_Position",
        "get_TextBox1",
        "QuitToolStripMenuItem_Click",
        "get_InnerException",
        "CCSCodeHeadingToolStripMenuItem_Click",
        "TableToolStripMenuItem",
        "LetterSpacingToolStripMenuItem",
        "_Label4",
        "Deleted <del>",
        "livehtml.Javascript_Timeout.resources",
        "get_Settings",
        "ThreadSafeObjectProvider`1",
        "m_Javascript_Random_Number",
        "ListControl",
        "System.Drawing.Icon",
        "endcode",
        "scripts",
        "EndInit",
        "get_ListItemliToolStripMenuItem",
        "Copyright ",
        "TextToolStripMenuItem2",
        "flat brush",
        "RichTextBox",
        "get_Transparent",
        "DebuggingModes",
        "set_CCS_Text_Shadow",
        "Headings",
        "bankgothic lt bt",
        "set_CCS_background_Repeat",
        "BoldToolStripMenuItem_Click",
        "SplitContainer",
        "Letter Spacing",
        "larger",
        "m_CCS_Word_Spacing",
        "left bottom",
        "get_Label9",
        "fantasy",
        "items",
        "get_DropDownItems",
        "center top",
        "geneva",
        "set_ccs_background_color",
        "get_CCS_Background_Position",
        "get_PHPStructureSetupToolStripMenuItem",
        "CCS Text Indent",
        "get_CCSCustomTagPropertiesToolStripMenuItem",
        "CCS Line Height",
        "livehtml.CCS_Background_Position.resources",
        "ListItemliToolStripMenuItem",
        "Heading6h6ToolStripMenuItem",
        "set_JavascriptToolStripMenuItem",
        "vivian",
        "Italic <i>",
        "palatino",
        "get_CCS_Background_Attachment",
        "\"NewHorizontalItemToolStripMenuItem",
        "get_Label4",
        "tempus sans itc",
        "Heading1h1ToolStripMenuItem",
        "justify",
        "BackgroundToolStripMenuItem",
        "m_CCS_Background_Attachment",
        "get_Javascript_Timeout",
        "AutoSaveSettings",
        "EditorBrowsableState",
        "PHPToolStripMenuItem",
        "document.write('",
        "set_AutoScaleMode",
        "get_Button1",
        "System",
        "text-transform:",
        "set_TimedToolStripMenuItem",
        "BoldToolStripMenuItem",
        "_TextBox4",
        "livehtml",
        "Heading 5 <h5>",
        "CCS Structure Setup",
        "Microsoft.VisualBasic.ApplicationServices",
        "set_HorizontalToolStripMenuItem",
        "mscorlib",
        "_AlertBoxToolStripMenuItem",
        "no-repeat",
        "ProjectData",
        "OriginalFilename",
        "Image",
        "CCS_Font_Size",
        "SetCompatibleTextRenderingDefault",
        "Shadow color:",
        "QuitToolStripMenuItem",
        "smaller",
        "get_RandomNumberToolStripMenuItem",
        "helvetica",
        "get_TextToolStripMenuItem2",
        "livehtml.CCS_Text_Color.resources",
        "System.Drawing.Size",
        "get_SuperscriptedsupToolStripMenuItem",
        "You can specify the exact pixel size (e.g. 5px)",
        "ArgumentException",
        "get_FunctionToolStripMenuItem",
        "HtmL-ive 0.5.7 - by 12padams",
        "CommonDialog",
        "* RGB - an RGB value, like \"rgb(0, 0, 255)\"",
        "DebuggerHiddenAttribute",
        "short hand",
        "CompanyName",
        "set_CCS_Line_Height",
        "get_TimedToolStripMenuItem",
        "TextToolStripMenuItem3_Click",
        "CCS Text Color",
        "PerformLayout",
        "PADPADP",
        "lucida console",
        "AssemblyCopyrightAttribute",
        "futurablack bt",
        "get_Label10",
        "set_CCS_Text_Transform",
        "brush script mt",
        "SplitterPanel",
        "set_TextToolStripMenuItem3",
        "3System.Resources.Tools.StronglyTypedResourceBuilder",
        "_CCSToolStripMenuItem",
        "Decoration",
        "Choose the font you want from the list below.",
        "</th>",
        "System.Configuration",
        "HTML Image",
        "Based on the above type what you want in the textbox below:",
        "_OrderedListorToolStripMenuItem",
        "<sub>",
        "center center",
        "set_SplitContainer1",
        "value",
        "get_DirectionToolStripMenuItem",
        "Microsoft.VisualBasic.CompilerServices",
        "get_SaveToolStripMenuItem",
        "pump demi bold let",
        "Label1.Text",
        "by the px symbol as it will automatically be added",
        "_VerticalToolStripMenuItem",
        "set_CCSCodeHeadingToolStripMenuItem",
        "Image URL:",
        "_Label7",
        "center bottom",
        "space to be placed between each word.",
        "times",
        "westwood let",
        "CCS Tag Customize",
        "set_ListItemliToolStripMenuItem",
        "get_NewLine",
        "livehtml.CCS_Background_Image.resources",
        "htmllink",
        "System.Drawing",
        "Heading 2 <h2>",
        "set_Heading4h4ToolStripMenuItem",
        "set_StartJavascriptToolStripMenuItem",
        "10.0.0.0",
        "CCS Text Shadow",
        "Form1_Load",
        "get_HTML_Image",
        "add_Load",
        "serif",
        "Random Number",
        "</ul>",
        "ToString",
        "Transform",
        "_BoldToolStripMenuItem",
        "Choose a Background Attachment Type from the list below:",
        "</del>",
        "ButtonBase",
        "A fixed line height in px, pt, cm, etc.",
        "displayed on the webpage.",
        "xx-large",
        "_ComboBox1",
        "Fixed: Background stays in the same place",
        "CCS Text Decoration",
        "the combo box below:",
        "System.Reflection",
        "_HtmlToolStripMenuItem",
        "set_Anchor",
        "m_CCS_Text_Decoration",
        "ToolStripDropDownItem",
        "RuntimeHelpers",
        "chicago",
        "CCS_customize_tag",
        "HTML_Image",
        "StringFileInfo",
        "set_BackgroundimageToolStripMenuItem",
        "set_ImageSize",
        "blink",
        "get_Culture",
        "addcode",
        "get_Assembly",
        "System.Resources",
        "la bamba let",
        "DeleteddelToolStripMenuItem_Click",
        ".ctor",
        "<HEAD>",
        "TransformToolStripMenuItem",
        "Timeout",
        "SizeF",
        "get_HtmlToolStripMenuItem",
        "subscripted <sub>",
        "You can also choose the location in pixels of where in the webpage you",
        "GetTypeFromHandle",
        "MyComputer",
        "#Strings",
        "georgia",
        "get_CCS_Text_Indent",
        "(Will not be displayed in this program)",
        "Javascript",
        "           Defines a normal text. This is default",
        "line-through:   Defines a line through the text",
        "text-decoration:",
        "Enter the Name of the function below:",
        "set_PHPToolStripMenuItem",
        "get_User",
        "Enter the number of pixels in textboxes NOT followed ",
        "TargetInvocationException",
        "set_Label10",
        "Time: This is the time in miliseconds that you want this event to go off",
        "get_CCSCodeHeadingToolStripMenuItem",
        "DecorationToolStripMenuItem",
        "Use the combobox below to choose the text direction",
        "set_CCSToolStripMenuItem",
        "StartJavascriptToolStripMenuItem",
        "set_FileToolStripMenuItem",
        ".text",
        "set_ColorDepth",
        "CCS_Text_Decoration",
        "get_Control",
        "My.WebServices",
        "set_IndentToolStripMenuItem",
        "'CCSCustomTagPropertiesToolStripMenuItem",
        "Ordered List Setup <ol>",
        "set_ImageToolStripMenuItem",
        "set_CCS_Text_Direction",
        "get_HtmlStructureToolStripMenuItem",
        "ApplicationSettingsBase",
        "List Item <li>",
        "set_TransparentColor",
        "If the image is coming from your location computer instead enter the file location",
        "m_AppObjectProvider",
        ").NETFramework,Version=v4.0,Profile=Client",
        "livehtml.exe",
        "livehtml.My",
        "Heading5h5ToolStripMenuItem_Click",
        "_ListsToolStripMenuItem",
        "SaveAsToolStripMenuItem_Click",
        "VS_VERSION_INFO",
        "Default",
        "BackgroundimageToolStripMenuItem",
        "courier",
        "lowercase:   All characters lowercase",
        "Heading2h2ToolStripMenuItem",
        "m_UserObjectProvider",
        "set_HtmlToolStripMenuItem",
        "SuspendLayout",
        "m_CCS_Background_Image",
        "<sup>",
        "ContainerControl",
        "remove_Click",
        "uppercase:  All characters uppercase",
        "set_UnderlineuToolStripMenuItem",
        "set_Dock",
        "m_CCS_Font_Family",
        "wide latin",
        "_Heading3h3ToolStripMenuItem",
        "SetProjectError",
        "get_Label8",
        "AutoScaleMode",
        "20% 20%",
        "OrderedListorToolStripMenuItem",
        "ToolStripItem",
        "_BackgroundpositionToolStripMenuItem",
        "ISupportInitialize",
        "If the text is indented it makes it so that",
        "jokerman let",
        "direction:",
        "* name - a color name, like \"Blue\"",
        "olddreadfulno7 bt",
        "set_CCSCustomTagPropertiesToolStripMenuItem",
        "roland",
        "_SplitContainer1",
        "GetType",
        "set_BackgroundrepeatToolStripMenuItem",
        "desdemona",
        "_LetterSpacingToolStripMenuItem",
        "set_CCS_Text_Align",
        "signs normal",
        "get_ListsToolStripMenuItem",
        "FrameworkDisplayName",
        "get_ComboBox1",
        "m_Form1",
        "HelpKeywordAttribute",
        "IconSize",
        "CCS Background Attachment",
        "get_TextToolStripMenuItem3",
        ".cctor",
        "set_TableToolStripMenuItem",
        "get_CCSToolStripMenuItem",
        "CCS_Text_Direction",
        "CCSCodeHeadingToolStripMenuItem",
        "get_Computer",
        "livehtml.CCS_Word_Spacing.resources",
        "courier new",
        "Safari or the program you are currently using.",
        "get_QuitToolStripMenuItem",
        "Select a size from the list below.",
        "letter-spacing:",
        "get_NewRowtrToolStripMenuItem",
        "swis721 bt",
        "addedHandler",
        "My.Settings",
        "century gothic",
        "set_SaveAsToolStripMenuItem1",
        "CodeToolStripMenuItem",
        "CCS_Text_Indent",
        "_Label10",
        "MyForms",
        "<head> <style type='text/css'>",
        "IconData",
        "My.MyProject.Forms",
        "Microsoft.VisualBasic.Devices",
        "NewRowtrToolStripMenuItem_Click",
        "background-attachment:",
        "m_HTML_Image",
        "livehtml.CCS_Line_Height.resources",
        "Equals",
        "set_Label9",
        "Heading2h2ToolStripMenuItem_Click",
        "footlight mt light",
        "4.0.0.0",
        "UnorderedListulToolStripMenuItem_Click",
        "_TransformToolStripMenuItem",
        "set_CCS_customize_tag",
        "get_ImageToolStripMenuItem",
        " 12padams 2010",
        "WARNING: Only works in Safari, Opera, and Konqueror!",
        "LegalCopyright",
        "livehtml.Form1.resources",
        "jester",
        "FileSystemProxy",
        "simpson",
        "set_VerticalAlignToolStripMenuItem",
        " UnorderedListulToolStripMenuItem",
        "uppercase",
        "addedHandlerLockObject",
        "_TextBox1",
        "set_QuitToolStripMenuItem",
        "blink:              Defines a blinking text",
        "get_Heading6h6ToolStripMenuItem",
        "set_NewHorizontalItemToolStripMenuItem",
        "m_Javascript_Function",
        "get_Javascript_Function",
        "bimini",
        "MySettingsProperty",
        "playbill",
        "lighter",
        "Action: This will happen once the set time has passed. It is recommended to put a function that you have made in this box.",
        "Utils",
        "livehtml.CCS_Text_Align.resources",
        "get_LinkToolStripMenuItem",
        "get_Message",
        "_CCSCodeHeadingToolStripMenuItem",
        "get_BackgroundimageToolStripMenuItem",
        "lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet",
        "FileDescription",
        "get_Panel2",
        "</sub>",
        "GetResourceString",
        "System.ComponentModel",
        "@<7unli",
        "m_MyFormsObjectProvider",
        "ResumeLayout",
        "_CorExeMain",
        "get_OrderedListorToolStripMenuItem",
        "set_Javascript_Function",
        "Container",
        "set_CCS_Text_Decoration",
        "get_CCS_background_Repeat",
        "CCS_background_Repeat",
        "Java Structure Setup",
        "Background Color",
        "normal",
        "Computer",
        "comic sans ms",
        "Enter the amount of pixels you want of white ",
        "<img src='",
        "http://12padams.no-ip.org/test.jpg insead of test.jpg ",
        "get_Label2",
        "_TextToolStripMenuItem3",
        "get_BackgroundattachmentToolStripMenuItem",
        "overline:         Defines a line above the text",
        "monotype sorts",
        "ShutdownEventHandler",
        "Make Link",
        "get_SplitContainer1",
        "m_ComputerObjectProvider",
        "_TextToolStripMenuItem1",
        "_DeleteddelToolStripMenuItem",
        "0.4.0.0",
        "VerticalAlignToolStripMenuItem_Click",
        "CompilerGeneratedAttribute",
        "CCS Text Transform",
        "set_TextToolStripMenuItem2",
        "FullPath",
        "System.Runtime.Versioning",
        "set_WebBrowser1",
        "SplitContainer1",
        "_FunctionToolStripMenuItem",
        "map symbols",
        "echo '",
        "_WeightToolStripMenuItem",
        "webdings",
        "Button1_Click",
        "Javascript_Random_Number",
        "set_CheckState",
        "TextBox3",
        "_SaveToolStripMenuItem",
        "center",
        "right",
        "SuperscriptedsupToolStripMenuItem",
        "WindowsFormsApplicationBase",
        "ThreadStaticAttribute",
        "set_FunctionToolStripMenuItem",
        "TableFormatSetupToolStripMenuItem_Click",
        "ItaliciToolStripMenuItem",
        "CCS Background Image",
        "get_TableFormatSetupToolStripMenuItem",
        "livehtml.CCS_Letter_Spacing.resources",
        "get_CCS_Word_Spacing",
        "resourceCulture",
        "#GUID",
        "Heading 6 <h6>",
        "BackgroundcolorToolStripMenuItem",
        "get_CCS_Font_Weight",
        "WrapNonExceptionThrows",
        "_SuperscriptedsupToolStripMenuItem",
        "_TextBox3",
        "PHP Structure Setup",
        "get_htmllink",
        "get_CCS_Text_Align",
        "fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj",
        "you want to be in bettween each letter typed.",
        "_FontSizeToolStripMenuItem",
        "ImageToolStripMenuItem_Click",
        "get_Heading1h1ToolStripMenuItem",
        "NewHorizontalItemToolStripMenuItem_Click",
        "_Heading5h5ToolStripMenuItem",
        "You can also put in negative numbers if you want",
        "Heading3h3ToolStripMenuItem_Click",
        "set_TableFormatSetupToolStripMenuItem",
        "verdana",
        "TextBox1",
        "westminster",
        "@.reloc",
        "Label2",
        "Align",
        "        The text renders as it is",
        "_Label1",
        "CCS_Text_Transform",
        "Alternate text is displayed a placeholder if",
        "garamond",
        "_CCSToolStripMenuItem1",
        "*BSJB",
        "LineHeightToolStripMenuItem",
        "set_CodeToolStripMenuItem",
        "set_TextBox2",
        "m_MyWebServicesObjectProvider",
        "Heading3h3ToolStripMenuItem",
        "AddRange",
        "Geotype TT)",
        "ClearProjectError",
        "Background",
        "System.Windows.Forms.Form",
        "function ",
        "In the Textbox below enter the amount of pixels that",
        "String",
        "CultureInfo",
        "MyApplication",
        "get_Label7",
        "Alert Box",
        "algerian",
        "get_ViewToolStripMenuItem",
        "GetObjectValue",
        "ToolStripMenuItem",
        "m_CCS_Line_Height",
        "DebuggerNonUserCodeAttribute",
        "get_ccs_background_color",
        "DirectionToolStripMenuItem_Click",
        "set_TextBox3",
        "EventHandler",
        "zapfellipt bt ",
        "JavascriptToolStripMenuItem",
        "there is a gap between the edge of the",
        "m_CCS_Background_Position",
        "_Label9",
        "Heading 3 <h3>",
        "StartJavascriptToolStripMenuItem_Click",
        "GuidAttribute",
        "set_AutoScaleDimensions",
        "livehtml.Resources.resources",
        "repeat-x:     The background image will be repeated horizontally.",
        "ReferenceEquals",
        "!SuperscriptedsupToolStripMenuItem",
        "IndentToolStripMenuItem",
        "set_FileName",
        "Label4.Text",
        "lithograph",
        "own font in the box instead of selecting one",
        "C:\\Users\\Phillip\\documents\\visual studio 2010\\Projects\\livehtml\\livehtml\\obj\\x86\\Release\\livehtml.pdb",
        "set_SuperscriptedsupToolStripMenuItem",
        "livehtml.CCS_Text_Shadow.resources",
        "TextToolStripMenuItem1",
        "Select from the box below the way you want to ",
        "repeat:        The background image will be repeated both vertically and horizontally.",
        "Exception",
        "My.Computer",
        "C:.u`[U",
        "set_FontToolStripMenuItem",
        ".NET Framework 4 Client Profile",
        "TextToolStripMenuItem1_Click",
        "none:  ",
        "A line height in percent of the current font size",
        "Forms",
        "ckblive_CheckedChanged"
      ],
      "virustotal": {
        "error": true,
        "msg": "Unable to complete connection to VirusTotal. Status code: 429"
      },
      "executed_tools": [
        "msi_extract",
        "overlay",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "selfextract": {
        "de4dot": {
          "extracted_files": [
            {
              "name": "03ec7ba7ee06da50a01d312fe77c010565b3126b87b2ecf790447146c2ee0d14",
              "path": "/opt/CAPEv2/storage/analyses/53/selfextracted/03ec7ba7ee06da50a01d312fe77c010565b3126b87b2ecf790447146c2ee0d14",
              "guest_paths": [
                "dfc699781837e22302e61c78c7c4d39694b26a3dcc61da7d4e163bdcbb8f3434"
              ],
              "size": 144384,
              "crc32": "7AC07222",
              "md5": "ef51d4c4a7d76ecd86b80781f41910bc",
              "sha1": "5e90cad6f51d9b07b2449eeff19335ca86a59020",
              "sha256": "03ec7ba7ee06da50a01d312fe77c010565b3126b87b2ecf790447146c2ee0d14",
              "sha512": "5249af10bde76db1b4295d87b24fdf35cf78ade68b4d765dad35916903b6b42f1e365236d77a48d38be014c7dd9f446b0004183b74068b62123f25c2fe466f7c",
              "rh_hash": null,
              "ssdeep": "3072:d7VxHdbxLytYA2iCI0MRRMMMMMMMRMRMMM1RRGUlMl5mrOiVZr3QAPzaVNfEaiCr:zqlmBr3Ql",
              "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
              "yara": [],
              "cape_yara": [],
              "clamav": [],
              "tlsh": "T1D7E3C52236D8A753EA7D73F519B0006452F2ED560132E74E3C29725E19F6742CFB2B2A",
              "sha3_384": "a987faed1ce5a8e183bc43cedbd96d25fb5fdfcb4ec9ff8427cc3e25fb1619d2e671d5e3b0337271fbaf72705370870f",
              "data": null
            }
          ],
          "extracted_files_time": 0.970173683999974,
          "password": ""
        }
      },
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "procdump": [
    {
      "name": "f6b3577e43911312e7ab3c479b13215e856a3ce268d071e250a391b84ff632d8",
      "path": "/opt/CAPEv2/storage/analyses/53/procdump/f6b3577e43911312e7ab3c479b13215e856a3ce268d071e250a391b84ff632d8",
      "guest_paths": "1;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?",
      "size": 17408,
      "crc32": "27022394",
      "md5": "6019dc63dface5b5da34278034e647ca",
      "sha1": "e6a773e430b1817bcdfdb927aec17df03849cd03",
      "sha256": "f6b3577e43911312e7ab3c479b13215e856a3ce268d071e250a391b84ff632d8",
      "sha512": "3d0057f8ae6f2b971ae025e8b63351f9bc225964a1e2a69761f0c451048ecad1d97948ed0dab542abd50a00e68a2ef3e661536dbf76b5275bced3165a5bfc564",
      "rh_hash": null,
      "ssdeep": "192:1qizbkagtSjU4kMqgfg2hDx0tTmDvyB6/FKOnWyymziKcAZjtHukCvJJN:Yi01tSw4Rg2L0tk6BabX5ziCBHQJJ",
      "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T15672F655B8A8F722D01A30F169A5C2F5285ABDD50EA5863735B8771F28F03E3DF9221C",
      "sha3_384": "35002996288219bc716b131caee1485d3221681f94b55c66262c59af40fd01aaea3a5976fb1a2bbbc26874a51ba32844",
      "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
      "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
      "pe": {
        "guest_signers": {
          "aux_sha1": null,
          "aux_timestamp": null,
          "aux_valid": false,
          "aux_error": true,
          "aux_error_desc": "File not found: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\53\\HTMLive.exe",
          "aux_signers": []
        },
        "digital_signers": [],
        "imagebase": "0x00400000",
        "entrypoint": "0x000224ee",
        "ep_bytes": "",
        "peid_signatures": null,
        "reported_checksum": "0x00000000",
        "actual_checksum": "0x00012eac",
        "osversion": "4.0",
        "machine_type": "IMAGE_FILE_MACHINE_I386",
        "pdbpath": null,
        "imports": {},
        "exported_dll_name": null,
        "exports": [],
        "dirents": [
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
            "virtual_address": "0x00022498",
            "size": "0x00000053"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
            "virtual_address": "0x00026000",
            "size": "0x00003f28"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
            "virtual_address": "0x0002a000",
            "size": "0x0000000c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
            "virtual_address": "0x00024000",
            "size": "0x0000001c"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_TLS",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_IAT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
            "virtual_address": "0x00002008",
            "size": "0x00000048"
          },
          {
            "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
            "virtual_address": "0x00000000",
            "size": "0x00000000"
          }
        ],
        "sections": [
          {
            "name": ".text",
            "raw_address": "0x00000400",
            "virtual_address": "0x00002000",
            "virtual_size": "0x00022000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xe0000020",
            "entropy": "0.00"
          },
          {
            "name": ".sdata",
            "raw_address": "0x00000400",
            "virtual_address": "0x00024000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "0.00"
          },
          {
            "name": ".rsrc",
            "raw_address": "0x00000400",
            "virtual_address": "0x00026000",
            "virtual_size": "0x00004000",
            "size_of_data": "0x00004000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x40000040",
            "entropy": "5.91"
          },
          {
            "name": ".reloc",
            "raw_address": "0x00004400",
            "virtual_address": "0x0002a000",
            "virtual_size": "0x00002000",
            "size_of_data": "0x00000000",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
            "characteristics_raw": "0x42000040",
            "entropy": "0.00"
          }
        ],
        "overlay": null,
        "resources": [
          {
            "name": "RT_ICON",
            "offset": "0x00026440",
            "size": "0x00000468",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "6.01"
          },
          {
            "name": "RT_ICON",
            "offset": "0x000268a8",
            "size": "0x000010a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "6.19"
          },
          {
            "name": "RT_ICON",
            "offset": "0x00027950",
            "size": "0x000025a8",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "5.96"
          },
          {
            "name": "RT_GROUP_ICON",
            "offset": "0x00029ef8",
            "size": "0x00000030",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "2.49"
          },
          {
            "name": "RT_VERSION",
            "offset": "0x00026148",
            "size": "0x000002f4",
            "filetype": null,
            "language": "LANG_NEUTRAL",
            "sublanguage": "SUBLANG_NEUTRAL",
            "entropy": "3.26"
          }
        ],
        "versioninfo": [
          {
            "name": "Translation",
            "value": "0x0000 0x04b0"
          },
          {
            "name": "CompanyName",
            "value": "12padams"
          },
          {
            "name": "FileDescription",
            "value": "livehtml"
          },
          {
            "name": "FileVersion",
            "value": "0.4.0.0"
          },
          {
            "name": "InternalName",
            "value": "livehtml.exe"
          },
          {
            "name": "LegalCopyright",
            "value": "Copyright © 12padams 2010"
          },
          {
            "name": "OriginalFilename",
            "value": "livehtml.exe"
          },
          {
            "name": "ProductName",
            "value": "livehtml"
          },
          {
            "name": "ProductVersion",
            "value": "0.4.0.0"
          },
          {
            "name": "Assembly Version",
            "value": "0.4.0.0"
          }
        ],
        "imphash": "",
        "timestamp": "2010-11-21 12:05:22",
        "icon": "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",
        "icon_hash": "ad28893065a52c08b5a6a12d55314087",
        "icon_fuzzy": "65012ba4fce4a99e4b663d6321f8ef80",
        "icon_dhash": "1f49cc8ccccccd27"
      },
      "data": null,
      "strings": [
        ".rsrc",
        "ProductName",
        "FileVersion",
        "12padams",
        "livehtml",
        "FileDescription",
        "Copyright ",
        "StringFileInfo",
        "Translation",
        "CompanyName",
        "OriginalFilename",
        "@<7unli",
        "livehtml.exe",
        "!This program cannot be run in DOS mode.",
        "Assembly Version",
        "thYO{vq",
        "ProductVersion",
        ".text",
        ".sdata",
        "C:.u`[U",
        "VS_VERSION_INFO",
        "000004b0",
        "VarFileInfo",
        " 12padams 2010",
        "0.4.0.0",
        "LegalCopyright",
        "InternalName",
        "@.reloc"
      ],
      "virustotal": {
        "error": true,
        "msg": "Unable to complete connection to VirusTotal. Status code: 429"
      },
      "executed_tools": [
        "msi_extract",
        "overlay",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 1,
      "cape_type": "",
      "process_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
      "process_name": "HTMLive.exe",
      "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
      "pid": 4500
    }
  ],
  "CAPE": {
    "payloads": [
      {
        "name": "7415bbbf4690ce7e9491f81bbc414968aed014b33adeb1889801131d86ebee63",
        "path": "/opt/CAPEv2/storage/analyses/53/CAPE/7415bbbf4690ce7e9491f81bbc414968aed014b33adeb1889801131d86ebee63",
        "guest_paths": "9;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?0x08000000;?",
        "size": 28670,
        "crc32": "0C7D566E",
        "md5": "b9c62386f9c975c34c82f5fa9b3e5bbd",
        "sha1": "a54c0d6c3e8c5fd08d331dbd01543d71a49b242a",
        "sha256": "7415bbbf4690ce7e9491f81bbc414968aed014b33adeb1889801131d86ebee63",
        "sha512": "b9969c948b5e9ad10e8f7c60a93c9321d60f0f9543f198c8b4c2204c35e3d00e987d28d182fc58ed0f7ea2efb523d4ee16ba4f87b24656fbc9ab01770f8df50a",
        "rh_hash": null,
        "ssdeep": "96:QncjMEDlRj9LSQtS9tVQNPTuRHWFFKZmRv6bifm9Yef5gxgUlGhB6Qy0Ka+a9zog:PvB/STtibuR2cIZw6xpE3SAh",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T1EDD21C16BA148719C27713B68CDE07323B14D98B822CDB45025096E5FFA607FFB66EC6",
        "sha3_384": "ed0c788bdcb15b6e22bf9d44966b08c0a33bdd44d0b3479721dfbeb4a06b88f5f04dec5d5a46e91df5c3fbe2932e13fe",
        "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
        "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
        "data": null,
        "strings": [
          "lib, ",
          "l, Pu"
        ],
        "virustotal": {
          "error": true,
          "msg": "Unable to complete connection to VirusTotal. Status code: 429"
        },
        "executed_tools": [
          "msi_extract",
          "overlay",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "process_name": "HTMLive.exe",
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "pid": 4500,
        "virtual_address": "0x08000000"
      },
      {
        "name": "31224ad4f6c7504ce6f7e40fa315803be21124a78eac135ddd82b8eaba18535b",
        "path": "/opt/CAPEv2/storage/analyses/53/CAPE/31224ad4f6c7504ce6f7e40fa315803be21124a78eac135ddd82b8eaba18535b",
        "guest_paths": "9;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?0x7FCF0000;?",
        "size": 60,
        "crc32": "CF6AFA66",
        "md5": "0bb6635b0f5c01c49d53a74b5b4ed2a4",
        "sha1": "45f114a2ba0fc4dc1e1c3d57783888341c3c6ed2",
        "sha256": "31224ad4f6c7504ce6f7e40fa315803be21124a78eac135ddd82b8eaba18535b",
        "sha512": "8270b22c25ecda0db6081f03d0fa27acfe43e0b7eebfd9ec624b4859b4db6a329b1f81d60dfc9745b00e08096b580a6482d3990760fca036463ec1eb6c88d557",
        "rh_hash": null,
        "ssdeep": "3:Uaql/stnyztkNl9C62PXaXz:UF/sVyBk39C62PXu",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T14AA0025E45059051C5581B30194C9FDB931DF4514413DA3379215A80761E5564857112",
        "sha3_384": "b0a9e37b851f269ec2c267bcb60024f6eabd236e895799b85e4ba08573e4bb52c0f9e5188a5f306de134b1b54a311cbf",
        "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
        "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "Unable to complete connection to VirusTotal. Status code: 429"
        },
        "executed_tools": [
          "msi_extract",
          "overlay",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "process_name": "HTMLive.exe",
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "pid": 4500,
        "virtual_address": "0x7FCF0000"
      },
      {
        "name": "ca517a62cc4bd322c4afb74599b3f4a6f414d0fb6f750eae56a0d9c95d997f49",
        "path": "/opt/CAPEv2/storage/analyses/53/CAPE/ca517a62cc4bd322c4afb74599b3f4a6f414d0fb6f750eae56a0d9c95d997f49",
        "guest_paths": "9;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?0x7FCD0000;?",
        "size": 267,
        "crc32": "3183417E",
        "md5": "9d9fb6167ed45e1be6e2e3304a1a9a94",
        "sha1": "3076a374a3fda7a01265774173f308b6584fbe06",
        "sha256": "ca517a62cc4bd322c4afb74599b3f4a6f414d0fb6f750eae56a0d9c95d997f49",
        "sha512": "766f03c738bdb64f008fa3631201ca3a529735aea26c13deaf2268f95c23e3264a0caf5e2aa93a34a3be7dfa50b4f51fb52b65548c577f60b96935cb4613d354",
        "rh_hash": null,
        "ssdeep": "6:tV0f7ArZ0zsvm2IpW+52q4doGwm3/uBqki/aaI1h9j:tSjGusxOWazQoC/uBli/aNX9j",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T166D02B4525A230CA0056C250ED52C158ABD9BC37AF44D3BBF1780FDC83112451CC1B0B",
        "sha3_384": "8bed0c6b0454060393de3c4ff3d04f3a4717ccf33b862ffe61df8c1e84875008d8fc1583438f4d9913bbec4cd5c1daf1",
        "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
        "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
        "data": null,
        "strings": [],
        "virustotal": {
          "error": true,
          "msg": "Unable to complete connection to VirusTotal. Status code: 429"
        },
        "executed_tools": [
          "msi_extract",
          "overlay",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "process_name": "HTMLive.exe",
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "pid": 4500,
        "virtual_address": "0x7FCD0000"
      },
      {
        "name": "ee5f16dc47945cae528752f9a1c59316cfb9d941272eb7a2f00ebe0d074f2720",
        "path": "/opt/CAPEv2/storage/analyses/53/CAPE/ee5f16dc47945cae528752f9a1c59316cfb9d941272eb7a2f00ebe0d074f2720",
        "guest_paths": "9;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe;?0x012A0000;?",
        "size": 46410,
        "crc32": "22A7BEAC",
        "md5": "14ab1f3d41dd3e9a90f3b52513ea4ffa",
        "sha1": "0fa28e9d2e9ec4fb54902e075927453d182f93b4",
        "sha256": "ee5f16dc47945cae528752f9a1c59316cfb9d941272eb7a2f00ebe0d074f2720",
        "sha512": "876c97ce5b9ff29f662805676f07d61c3c9e47fd9b690ed4de699841e1c7ae5346e1b2e3cfc540e6a4da6af0ab17864707c0b8250291da22f3450050cc850ba0",
        "rh_hash": null,
        "ssdeep": "384:BvTqii+A110kttnjeFsHPQd4rrCI9xMnsYuKLJJJJJJJJJJJJJJJJLlMsZpD:mtjemxrvYsQJJJJJJJJJJJJJJJJBMy",
        "type": "data",
        "yara": [],
        "cape_yara": [],
        "clamav": [],
        "tlsh": "T126238CCDF220CF25C31C293ED46F4A8D33E6D1842F266F67A9BC85067D9BA690F11658",
        "sha3_384": "fa77a9ec1b2f4da2ca1ef9e01e60f9467d76e980e62dbcae0e480fb03aa694c795c512fa515d14967bf22ccf80a2965c",
        "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
        "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
        "data": null,
        "strings": [
          "System.Security.Permissions.PermissionSetAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
          "TU2System.Security.Permissions.SecurityPermissionFlag",
          "livehtml",
          "MemberAccess",
          "Flags",
          "mscorlib",
          "System.Windows.Forms",
          "Unrestricted",
          "llkz5",
          "System.Security.Permissions.ReflectionPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
          "SerializationFormatter",
          "Microsoft.VisualBasic",
          "Flags@",
          "System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
          "ControlAppDomain",
          "ControlThread",
          "ControlEvidence",
          "System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089@"
        ],
        "virustotal": {
          "error": true,
          "msg": "Unable to complete connection to VirusTotal. Status code: 429"
        },
        "executed_tools": [
          "msi_extract",
          "overlay",
          "kixtart_extract",
          "vbe_extract",
          "batch_extract",
          "UnAutoIt_extract",
          "UPX_unpack",
          "RarSFX_extract",
          "Inno_extract",
          "SevenZip_unpack",
          "de4dot_deobfuscate",
          "eziriz_deobfuscate",
          "office_one"
        ],
        "cape_type_code": 9,
        "cape_type": "Unpacked Shellcode",
        "process_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "process_name": "HTMLive.exe",
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "pid": 4500,
        "virtual_address": "0x012A0000"
      }
    ],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-06-29 10:54:32",
    "ended": "2026-06-29 10:55:32",
    "duration": 60,
    "id": 53,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 53,
      "status": "stopping",
      "name": "win10",
      "label": "win10",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-06-29 10:54:32",
      "shutdown_on": "2026-06-29 10:55:32"
    },
    "package": "exe",
    "timeout": true,
    "tlp": null,
    "parent_sample": null,
    "options": {
      "vnc_port": "5900"
    },
    "source_url": null,
    "route": "internet",
    "user_id": 0,
    "CAPE_current_commit": "394455c2cd85889fb0782bfcf1f8c5c2f7f77b46"
  },
  "behavior": {
    "processes": [
      {
        "process_id": 4500,
        "process_name": "HTMLive.exe",
        "parent_id": 2892,
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "first_seen": "2026-06-28 21:56:12,714",
        "calls": [
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 0
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b94b06",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 2
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e2c0"
              }
            ],
            "repeated": 0,
            "id": 3
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2520",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2520",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 6
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466ed49",
            "parentcaller": "0x7465dccc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\Policy\\"
              },
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\"
              }
            ],
            "repeated": 0,
            "id": 7
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryInfoKeyW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e410"
              }
            ],
            "repeated": 0,
            "id": 9
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2296",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466e980",
            "parentcaller": "0x7466ed5c",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000025c"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "4"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "9"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e3e0"
              }
            ],
            "repeated": 0,
            "id": 13
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "612",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "612",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466e9f7",
            "parentcaller": "0x7466ed5c",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "AppPatch"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\AppPatch"
              }
            ],
            "repeated": 0,
            "id": 17
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466edb8",
            "parentcaller": "0x7465dccc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x0000025c"
              },
              {
                "name": "SubKey",
                "value": "v4.0"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 18
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466eb88",
            "parentcaller": "0x7466edde",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000268"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "1"
              },
              {
                "name": "MaxValueNameLength",
                "value": "5"
              },
              {
                "name": "MaxValueLength",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 19
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 20
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e4b0"
              }
            ],
            "repeated": 0,
            "id": 21
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 22
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466ec0a",
            "parentcaller": "0x7466edde",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "30319"
              },
              {
                "name": "Data",
                "value": "30319-30319"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0\\30319"
              }
            ],
            "repeated": 0,
            "id": 23
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 24
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e430"
              }
            ],
            "repeated": 0,
            "id": 25
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 26
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466ee01",
            "parentcaller": "0x7465dccc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 27
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x746651c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 28
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e1c",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 29
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 30
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e1f0"
              }
            ],
            "repeated": 0,
            "id": 31
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7467ec20",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7469c000"
              },
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 32
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e34",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 33
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e71",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 34
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e7f",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 35
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x74676667",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x012cdb20",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x4527336f"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d7bab8"
              }
            ],
            "repeated": 0,
            "id": 36
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x74676677",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000258"
              }
            ],
            "repeated": 0,
            "id": 37
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x7466ef8e",
            "parentcaller": "0x7465dccc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 38
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e1c",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 39
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e34",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 40
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e71",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 41
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e7f",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 42
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x74676667",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x012cdb20",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x4527336f"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d7bab8"
              }
            ],
            "repeated": 0,
            "id": 43
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x74676677",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 44
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e1c",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 45
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e34",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 46
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e71",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 47
          },
          {
            "timestamp": "2026-06-28 21:56:12,885",
            "thread_id": "2784",
            "caller": "0x74664e7f",
            "parentcaller": "0x746652b8",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 48
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7466952e",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei"
              },
              {
                "name": "DllBase",
                "value": "0x74200000"
              }
            ],
            "repeated": 0,
            "id": 49
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x742089ae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 50
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x742089ae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 51
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x74208760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 52
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x74208760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 53
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x74208760",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 54
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b94b06",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 55
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7466952e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74200000"
              }
            ],
            "repeated": 0,
            "id": 56
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7466952e",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74200000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 57
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x742014d0"
              }
            ],
            "repeated": 0,
            "id": 58
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterShimImplCleanupCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 59
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "SetShellShimInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 60
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "OnShimDllMainCalled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74209630"
              }
            ],
            "repeated": 0,
            "id": 61
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 62
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7420fa20"
              }
            ],
            "repeated": 0,
            "id": 63
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x74212143",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\MSCOREE.DLL.local"
              }
            ],
            "repeated": 0,
            "id": 64
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x74208d85",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000250"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 65
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x74208da2",
            "parentcaller": "0x7420924a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 66
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x74208de3",
            "parentcaller": "0x7420924a",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 67
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x74208df4",
            "parentcaller": "0x7420924a",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 68
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7420162d",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x012cd860",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xc87fbef5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 69
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 70
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 71
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 72
          },
          {
            "timestamp": "2026-06-28 21:56:12,901",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 73
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 74
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 75
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 76
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x74207007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 77
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x74205ff0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000250"
              }
            ],
            "repeated": 0,
            "id": 78
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x74211a39",
            "parentcaller": "0x74206701",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 79
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x74211a7f",
            "parentcaller": "0x74206701",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 80
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 81
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b94b06",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76200000"
              }
            ],
            "repeated": 0,
            "id": 82
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76200000"
              },
              {
                "name": "FunctionName",
                "value": "UrlIsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76214370"
              }
            ],
            "repeated": 0,
            "id": 83
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 84
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 85
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x74210224",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 86
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x7421024d",
            "parentcaller": "0x74210350",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyV2RuntimeActivationPolicyDefaultValue"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue"
              }
            ],
            "repeated": 0,
            "id": 87
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x7420760b",
            "parentcaller": "0x742102b6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 88
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x74210224",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 89
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x7421024d",
            "parentcaller": "0x74210350",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              },
              {
                "name": "ValueName",
                "value": "OnlyUseLatestCLR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR"
              }
            ],
            "repeated": 0,
            "id": 90
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x7420760b",
            "parentcaller": "0x742102b6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 91
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000264"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 92
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9f14d",
            "parentcaller": "0x74234737",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000264"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x02\\x00\\x00\\x00\\x00\\x00\\x00N\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 93
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000025c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000264"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 94
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9da9b",
            "parentcaller": "0x74233dc6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000025c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04630000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3efbc"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 95
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x7424863e",
            "parentcaller": "0x7424740f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 96
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x74233e96",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 97
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x74233ec1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 98
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x74233ee4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 99
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000025c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 100
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b9f14d",
            "parentcaller": "0x74234737",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000025c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x02\\x00\\x00\\x00\\x00\\x00\\x00N\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 101
          },
          {
            "timestamp": "2026-06-28 21:56:12,917",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000264"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000025c"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 102
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b9da9b",
            "parentcaller": "0x74233dc6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000264"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04630000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3efbc"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 103
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x7424863e",
            "parentcaller": "0x7424740f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 104
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x74233e96",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 105
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x74233ec1",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 106
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x74233ee4",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000264"
              }
            ],
            "repeated": 0,
            "id": 107
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x7421fc7b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000006",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000000"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 108
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x7421fc7b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000248"
              },
              {
                "name": "SubKey",
                "value": "Policy\\Standards"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Policy\\Standards"
              }
            ],
            "repeated": 0,
            "id": 109
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x7421fa9a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000268"
              },
              {
                "name": "SubKey",
                "value": "v4.0.30319"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards\\v4.0.30319"
              }
            ],
            "repeated": 0,
            "id": 110
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x7421509d",
            "parentcaller": "0x742198ef",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 111
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420dd47",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\kernel.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x74cf0000"
              }
            ],
            "repeated": 0,
            "id": 112
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420dd47",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf0000"
              }
            ],
            "repeated": 0,
            "id": 113
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420dd47",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74cf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 114
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3a00"
              }
            ],
            "repeated": 0,
            "id": 115
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3d80"
              }
            ],
            "repeated": 0,
            "id": 116
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3db0"
              }
            ],
            "repeated": 0,
            "id": 117
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackagePath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3dd0"
              }
            ],
            "repeated": 0,
            "id": 118
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b8f218",
            "parentcaller": "0x7420db51",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 119
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x74207f73",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 120
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207fa5",
            "parentcaller": "0x74208014",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "ValueName",
                "value": "NoClientChecks"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks"
              }
            ],
            "repeated": 0,
            "id": 121
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207fd5",
            "parentcaller": "0x74208014",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 122
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x74207a76",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\"
              }
            ],
            "repeated": 0,
            "id": 123
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207a31",
            "parentcaller": "0x74207c6b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000268"
              },
              {
                "name": "SubKey",
                "value": "default"
              },
              {
                "name": "Handle",
                "value": "0x0000025c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\default"
              }
            ],
            "repeated": 0,
            "id": 124
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207c96",
            "parentcaller": "0x742080d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000025c"
              }
            ],
            "repeated": 0,
            "id": 125
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x74207cf1",
            "parentcaller": "0x742080d0",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 126
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 127
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b94b06",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\VERSION"
              },
              {
                "name": "DllBase",
                "value": "0x741f0000"
              }
            ],
            "repeated": 0,
            "id": 128
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b94b06",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x741f0000"
              }
            ],
            "repeated": 0,
            "id": 129
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f15c0"
              }
            ],
            "repeated": 0,
            "id": 130
          },
          {
            "timestamp": "2026-06-28 21:56:12,932",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 131
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x7421080a",
            "parentcaller": "0x7420da39",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x0000083c",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              }
            ],
            "repeated": 0,
            "id": 132
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 133
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f15e0"
              }
            ],
            "repeated": 0,
            "id": 134
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 135
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x7421082b",
            "parentcaller": "0x7420da39",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              }
            ],
            "repeated": 0,
            "id": 136
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 137
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f1560"
              }
            ],
            "repeated": 0,
            "id": 138
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 139
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x7421233d",
            "parentcaller": "0x742122cf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              },
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              }
            ],
            "repeated": 0,
            "id": 140
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x74212376",
            "parentcaller": "0x742122cf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              },
              {
                "name": "ValueName",
                "value": "Release"
              },
              {
                "name": "Data",
                "value": "528372"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release"
              }
            ],
            "repeated": 0,
            "id": 141
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x7421c537",
            "parentcaller": "0x742122cf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 142
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x7420d044",
            "parentcaller": "0x7420cfd3",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 143
          },
          {
            "timestamp": "2026-06-28 21:56:12,964",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000248"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120080",
                "pretty_value": "FILE_READ_ATTRIBUTES|READ_CONTROL|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 144
          },
          {
            "timestamp": "2026-06-28 21:56:12,979",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x74207007",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 145
          },
          {
            "timestamp": "2026-06-28 21:56:12,995",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ucrtbase_clr0400"
              },
              {
                "name": "DllBase",
                "value": "0x73960000"
              }
            ],
            "repeated": 0,
            "id": 146
          },
          {
            "timestamp": "2026-06-28 21:56:12,995",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\VCRUNTIME140_CLR0400"
              },
              {
                "name": "DllBase",
                "value": "0x73a10000"
              }
            ],
            "repeated": 0,
            "id": 147
          },
          {
            "timestamp": "2026-06-28 21:56:12,995",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr"
              },
              {
                "name": "DllBase",
                "value": "0x73a30000"
              }
            ],
            "repeated": 0,
            "id": 148
          },
          {
            "timestamp": "2026-06-28 21:56:12,995",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x739f9eae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 149
          },
          {
            "timestamp": "2026-06-28 21:56:12,995",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x739f9eae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 150
          },
          {
            "timestamp": "2026-06-28 21:56:13,010",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x739e6aae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 151
          },
          {
            "timestamp": "2026-06-28 21:56:13,010",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x739e6aae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 152
          },
          {
            "timestamp": "2026-06-28 21:56:13,010",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x739e6aae",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-localization-l1-2-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 153
          },
          {
            "timestamp": "2026-06-28 21:56:13,010",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a14906",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 154
          },
          {
            "timestamp": "2026-06-28 21:56:13,010",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a14906",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-fibers-l1-1-1"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 155
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a30000"
              }
            ],
            "repeated": 0,
            "id": 156
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73a30000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 157
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73a30000"
              },
              {
                "name": "FunctionName",
                "value": "SetRuntimeInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73be0de0"
              }
            ],
            "repeated": 0,
            "id": 158
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 159
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b94b06",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "USER32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 160
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64090"
              }
            ],
            "repeated": 0,
            "id": 161
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 162
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 163
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64180"
              }
            ],
            "repeated": 0,
            "id": 164
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x7420ce46",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74285000"
              },
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 165
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73a30000"
              },
              {
                "name": "FunctionName",
                "value": "_CorExeMain"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73be7420"
              }
            ],
            "repeated": 0,
            "id": 166
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73b060e9",
            "parentcaller": "0x73be71cd",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 167
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73bebad9",
            "parentcaller": "0x73be7445",
            "category": "misc",
            "api": "GetCommandLineW",
            "status": true,
            "return": "0x012b1016",
            "arguments": [
              {
                "name": "CommandLine",
                "value": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe\" "
              }
            ],
            "repeated": 0,
            "id": 168
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73b96ba6",
            "parentcaller": "0x73a4918d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 169
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73b96bf0",
            "parentcaller": "0x73a4918d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 170
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73b96c1e",
            "parentcaller": "0x73a4918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "ValueName",
                "value": "DisableConfigCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache"
              }
            ],
            "repeated": 0,
            "id": 171
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73b96c39",
            "parentcaller": "0x73a4918d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              }
            ],
            "repeated": 0,
            "id": 172
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73be041f",
            "parentcaller": "0x73ba08b6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 173
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73be041f",
            "parentcaller": "0x73ba08b6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 174
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73be0466",
            "parentcaller": "0x73ba08b6",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "InstallRoot"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot"
              }
            ],
            "repeated": 0,
            "id": 175
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x73be0466",
            "parentcaller": "0x73ba08b6",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\"
              }
            ],
            "repeated": 0,
            "id": 176
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73be1132",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-quirks-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 177
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73be1132",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-quirks-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 178
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "QuirkIsEnabled3"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b78420"
              }
            ],
            "repeated": 0,
            "id": 179
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "QuirkGetData2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75bdc600"
              }
            ],
            "repeated": 0,
            "id": 180
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73be1571",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74cf0000"
              }
            ],
            "repeated": 0,
            "id": 181
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73be1571",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74cf0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-appmodel-runtime-l1-1-2.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 182
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "AppPolicyGetClrCompat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3a00"
              }
            ],
            "repeated": 0,
            "id": 183
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3d80"
              }
            ],
            "repeated": 0,
            "id": 184
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackageInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3db0"
              }
            ],
            "repeated": 0,
            "id": 185
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "kernel.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74cf0000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentPackagePath"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74cf3dd0"
              }
            ],
            "repeated": 0,
            "id": 186
          },
          {
            "timestamp": "2026-06-28 21:56:13,026",
            "thread_id": "2784",
            "caller": "0x75b8f218",
            "parentcaller": "0x73be1381",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 187
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be5e5c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 188
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AcquireSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f42340"
              }
            ],
            "repeated": 0,
            "id": 189
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseSRWLockExclusive"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f424e0"
              }
            ],
            "repeated": 0,
            "id": 190
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 191
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 192
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 193
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bcd8cf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 194
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c2e970"
              }
            ],
            "repeated": 0,
            "id": 195
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74650000"
              }
            ],
            "repeated": 0,
            "id": 196
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74650000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 197
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74650000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74661af0"
              }
            ],
            "repeated": 0,
            "id": 198
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 199
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 200
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "CreateConfigStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x742096a0"
              }
            ],
            "repeated": 0,
            "id": 201
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 202
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 203
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 204
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x75b90e6c",
            "parentcaller": "0x74201df9",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 205
          },
          {
            "timestamp": "2026-06-28 21:56:13,042",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 206
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b90e6c",
            "parentcaller": "0x74201df9",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000268"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "roup name=\"system.runtime.caching\" type=\"System.Runtime.Caching.Configuration.CachingSectionGroup, System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\">\r\n            <section name=\"memoryCache\" type=\"System.Runtime.Cac"
              },
              {
                "name": "Length",
                "value": "22306"
              }
            ],
            "repeated": 0,
            "id": 207
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x742100b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000268"
              }
            ],
            "repeated": 0,
            "id": 208
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be5ffe",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 209
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetNumaHighestNodeNumber"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751498f0"
              }
            ],
            "repeated": 0,
            "id": 210
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75bacc3a",
            "parentcaller": "0x73be602d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "55"
              }
            ],
            "repeated": 0,
            "id": 211
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73bdd852",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a3e000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 212
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b9db61",
            "parentcaller": "0x73bcd90b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 213
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "FlsSetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751511e0"
              }
            ],
            "repeated": 0,
            "id": 214
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514e770"
              }
            ],
            "repeated": 0,
            "id": 215
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "FlsAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151e20"
              }
            ],
            "repeated": 0,
            "id": 216
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "FlsFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75152050"
              }
            ],
            "repeated": 0,
            "id": 217
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73b05f87",
            "parentcaller": "0x73bdda6d",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 218
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x76f3002d",
            "parentcaller": "0x75b94e1d",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 219
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f5ef",
            "parentcaller": "0x73bcd0bb",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 220
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73bdd852",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a3f000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 221
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73bdd852",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73a3f000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 222
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x76f305bb",
            "parentcaller": "0x76f3010b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 4,
            "id": 223
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73bda69a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 224
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73bda782",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\HTMLive.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 225
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a7e66b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\fusion.localgac"
              }
            ],
            "repeated": 0,
            "id": 226
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73be1b48",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000284"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 227
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73be1b74",
            "parentcaller": "0x73be1d2d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              },
              {
                "name": "ValueName",
                "value": "CacheLocation"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation"
              }
            ],
            "repeated": 0,
            "id": 228
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73be1b91",
            "parentcaller": "0x73be1d2d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 229
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be1dbf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "KERNEL32.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 230
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemWindowsDirectoryW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75149500"
              }
            ],
            "repeated": 0,
            "id": 231
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73be5bc8",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000284"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 232
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73be5bfd",
            "parentcaller": "0x73bda7fc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              },
              {
                "name": "ValueName",
                "value": "DownloadCacheQuotaInKB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB"
              }
            ],
            "repeated": 0,
            "id": 233
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73be5c2b",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion"
              }
            ],
            "repeated": 0,
            "id": 234
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73be5c4d",
            "parentcaller": "0x73bda7fc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000284"
              }
            ],
            "repeated": 0,
            "id": 235
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda80f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "EnableLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog"
              }
            ],
            "repeated": 0,
            "id": 236
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda828",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "LoggingLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel"
              }
            ],
            "repeated": 0,
            "id": 237
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda840",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "ForceLog"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog"
              }
            ],
            "repeated": 0,
            "id": 238
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda858",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "LogFailures"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures"
              }
            ],
            "repeated": 0,
            "id": 239
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda870",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "LogResourceBinds"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds"
              }
            ],
            "repeated": 0,
            "id": 240
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda8ed",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "FileInUseRetryAttempts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts"
              }
            ],
            "repeated": 0,
            "id": 241
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda90f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "FileInUseMillisecondsBetweenRetries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries"
              }
            ],
            "repeated": 0,
            "id": 242
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda971",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "UseLegacyIdentityFormat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat"
              }
            ],
            "repeated": 0,
            "id": 243
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bda98f",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "DisableMSIPeek"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek"
              }
            ],
            "repeated": 0,
            "id": 244
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda9c2",
            "parentcaller": "0x73bcc5de",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 245
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73bce088",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              },
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
              }
            ],
            "repeated": 0,
            "id": 246
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73bce0a1",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              },
              {
                "name": "ValueName",
                "value": "DevOverrideEnable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable"
              }
            ],
            "repeated": 0,
            "id": 247
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x73bce0c3",
            "parentcaller": "0x73bdaa15",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000280"
              }
            ],
            "repeated": 0,
            "id": 248
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bdc497",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 249
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e9a0"
              }
            ],
            "repeated": 0,
            "id": 250
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f218",
            "parentcaller": "0x73bce257",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 251
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ebe0"
              }
            ],
            "repeated": 0,
            "id": 252
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ea80"
              }
            ],
            "repeated": 0,
            "id": 253
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568f580"
              }
            ],
            "repeated": 0,
            "id": 254
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000280"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Global\\Cor_Private_IPCBlock_v4_4500"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 255
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b9da9b",
            "parentcaller": "0x73bdde07",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000280"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01260000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3f3a8"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 256
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bdc497",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 257
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e9a0"
              }
            ],
            "repeated": 0,
            "id": 258
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f218",
            "parentcaller": "0x73bce257",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 259
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73be25c0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\combase.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75760000"
              }
            ],
            "repeated": 0,
            "id": 260
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73be25c0",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75760000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\system32\\combase.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 261
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "RoInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x757cfbf0"
              }
            ],
            "repeated": 0,
            "id": 262
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ebe0"
              }
            ],
            "repeated": 0,
            "id": 263
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ea80"
              }
            ],
            "repeated": 0,
            "id": 264
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568f580"
              }
            ],
            "repeated": 0,
            "id": 265
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bdc90d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 266
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AddSIDToBoundaryDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75149830"
              }
            ],
            "repeated": 0,
            "id": 267
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CreateBoundaryDescriptorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75149710"
              }
            ],
            "repeated": 0,
            "id": 268
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CreatePrivateNamespaceW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751495c0"
              }
            ],
            "repeated": 0,
            "id": 269
          },
          {
            "timestamp": "2026-06-28 21:56:13,057",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "OpenPrivateNamespaceW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751499d0"
              }
            ],
            "repeated": 0,
            "id": 270
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x76f305bb",
            "parentcaller": "0x76f3010b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 3,
            "id": 271
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bdc497",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "advapi32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 272
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "AllocateAndInitializeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e9a0"
              }
            ],
            "repeated": 0,
            "id": 273
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b8f218",
            "parentcaller": "0x73bce257",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 274
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeAcl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ebe0"
              }
            ],
            "repeated": 0,
            "id": 275
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "AddAccessAllowedAce"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ea80"
              }
            ],
            "repeated": 0,
            "id": 276
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "FreeSid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568f580"
              }
            ],
            "repeated": 0,
            "id": 277
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 278
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75b9285d",
            "parentcaller": "0x73fb0c86",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              }
            ],
            "repeated": 0,
            "id": 279
          },
          {
            "timestamp": "2026-06-28 21:56:13,073",
            "thread_id": "2784",
            "caller": "0x75ba4a2b",
            "parentcaller": "0x75ba49cf",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 280
          },
          {
            "timestamp": "2026-06-28 21:56:13,089",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 281
          },
          {
            "timestamp": "2026-06-28 21:56:13,089",
            "thread_id": "2784",
            "caller": "0x75b9285d",
            "parentcaller": "0x73fb0c86",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              }
            ],
            "repeated": 0,
            "id": 282
          },
          {
            "timestamp": "2026-06-28 21:56:13,089",
            "thread_id": "2784",
            "caller": "0x75ba4a2b",
            "parentcaller": "0x75ba49cf",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 283
          },
          {
            "timestamp": "2026-06-28 21:56:13,104",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 284
          },
          {
            "timestamp": "2026-06-28 21:56:13,104",
            "thread_id": "2784",
            "caller": "0x75b9285d",
            "parentcaller": "0x73fb0c86",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000002"
              },
              {
                "name": "ObjectAttributes",
                "value": "Cor_SxSPublic_IPCBlock"
              }
            ],
            "repeated": 0,
            "id": 285
          },
          {
            "timestamp": "2026-06-28 21:56:13,104",
            "thread_id": "2784",
            "caller": "0x75ba4a2b",
            "parentcaller": "0x75ba49cf",
            "category": "system",
            "api": "NtDelayExecution",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 286
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 287
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bce507",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 288
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteBoundaryDescriptor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751497d0"
              }
            ],
            "repeated": 0,
            "id": 289
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 290
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01270000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 291
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75151e6a",
            "parentcaller": "0x73be011d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 292
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73bdf7fb",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0"
              },
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0"
              }
            ],
            "repeated": 0,
            "id": 293
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x73bdf84f",
            "parentcaller": "0x73acd2dd",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              },
              {
                "name": "ValueName",
                "value": "OptimizeUsedBinaries"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries"
              }
            ],
            "repeated": 0,
            "id": 294
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x73b250ac",
            "parentcaller": "0x73f69685",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000028c"
              }
            ],
            "repeated": 0,
            "id": 295
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\HTMLive.exe.log"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "no"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 296
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01290000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 297
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 298
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 299
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 300
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01271000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 301
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04630000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 302
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 303
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01300000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 304
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be0b3a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 305
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "WerRegisterRuntimeExceptionModule"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75149810"
              }
            ],
            "repeated": 0,
            "id": 306
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75bab09e",
            "parentcaller": "0x75b9491b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04650000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 307
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b8fb07",
            "parentcaller": "0x75babec1",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 308
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b94155",
            "parentcaller": "0x75b7b76f",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 309
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b940c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 310
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75bab09e",
            "parentcaller": "0x75b94234",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 311
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b94290",
            "parentcaller": "0x75b94270",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 312
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x73bdaedd",
            "parentcaller": "0x73bdaf13",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x046f0000",
            "arguments": [
              {
                "name": "Options",
                "value": "0"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 313
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x73bdaedd",
            "parentcaller": "0x73bdaf28",
            "category": "misc",
            "api": "HeapCreate",
            "status": true,
            "return": "0x046a0000",
            "arguments": [
              {
                "name": "Options",
                "value": "262144"
              },
              {
                "name": "InitialSize",
                "value": "0x00000000"
              },
              {
                "name": "MaximumSize",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 314
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01301000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 315
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be34f5",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 316
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "RaiseException"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751505b0"
              }
            ],
            "repeated": 0,
            "id": 317
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x73be379e",
            "parentcaller": "0x73be37e4",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 318
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b8fb07",
            "parentcaller": "0x75b8f25e",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              },
              {
                "name": "MutexName",
                "value": ""
              },
              {
                "name": "InitialOwner",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 319
          },
          {
            "timestamp": "2026-06-28 21:56:13,120",
            "thread_id": "2784",
            "caller": "0x75b94290",
            "parentcaller": "0x73bceda4",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 320
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73be6710"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3548"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 321
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000002c0",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73be6710"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3548"
              }
            ],
            "repeated": 0,
            "id": 322
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75babca3",
            "parentcaller": "0x73be66ea",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002c0"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3548"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 323
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x73be3827",
            "parentcaller": "0x73be3867",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 324
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x73bcc8e8",
            "parentcaller": "0x73bcb66a",
            "category": "hooking",
            "api": "RtlAddVectoredExceptionHandler",
            "status": true,
            "return": "0x012e3490",
            "arguments": [
              {
                "name": "First",
                "value": "1"
              },
              {
                "name": "Handler",
                "value": "0x73b305a0"
              }
            ],
            "repeated": 0,
            "id": 325
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73bcede8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74650000"
              }
            ],
            "repeated": 0,
            "id": 326
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74650000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "24"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74664420"
              }
            ],
            "repeated": 0,
            "id": 327
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "24"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7420e3f0"
              }
            ],
            "repeated": 0,
            "id": 328
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x7420c6f8",
            "parentcaller": "0x7420c799",
            "category": "hooking",
            "api": "SetUnhandledExceptionFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "ExceptionFilter",
                "value": "0x742536d0"
              }
            ],
            "repeated": 0,
            "id": 329
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01303000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 330
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b9fd84",
            "parentcaller": "0x73b63c2f",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000002c8"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 331
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73b63c6f",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 332
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "3548",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b92e80"
              }
            ],
            "repeated": 0,
            "id": 333
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x73b05f87",
            "parentcaller": "0x73b05fa6",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 334
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b8f5ef",
            "parentcaller": "0x73bcd0bb",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Global\\CLR_PerfMon_StartEnumEvent"
              }
            ],
            "repeated": 0,
            "id": 335
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "3548",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01304000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 336
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "3548",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "FlsGetValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b92e80"
              }
            ],
            "repeated": 1,
            "id": 337
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "3548",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 338
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "3548",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 339
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "3548",
            "caller": "0x73b05f87",
            "parentcaller": "0x73b05fa6",
            "category": "threading",
            "api": "SetThreadStackGuarantee",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "InputSize",
                "value": "4096"
              },
              {
                "name": "OutputSize",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 340
          },
          {
            "timestamp": "2026-06-28 21:56:13,135",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be3c5a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-memory-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 341
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be3c6b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-libraryloader-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 342
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73be3c89",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 343
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "SetSystemFileCacheSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c310b0"
              }
            ],
            "repeated": 0,
            "id": 344
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtSetSystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74470"
              }
            ],
            "repeated": 0,
            "id": 345
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "PrivIsDllSynchronizationHeld"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 346
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01293000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 347
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b92644",
            "parentcaller": "0x73b24ec1",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 348
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73b24f07",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 349
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73b24f8a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x985.\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 350
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73b25004",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002dc"
              }
            ],
            "repeated": 0,
            "id": 351
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73b449c5",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 352
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c2e970"
              }
            ],
            "repeated": 0,
            "id": 353
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 354
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba47a2",
            "parentcaller": "0x75ba4765",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 355
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x02000000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 356
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x73b37c7e",
            "parentcaller": "0x73bcf4e2",
            "category": "misc",
            "api": "GlobalMemoryStatusEx",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MemoryLoad",
                "value": "47"
              },
              {
                "name": "TotalPhysicalMB",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 357
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x075e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a0000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 358
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x075e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 359
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01305000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 360
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 361
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 362
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0130e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 363
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x75b7ceb2",
            "parentcaller": "0x73bcf6c5",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000030c"
              },
              {
                "name": "EventName",
                "value": "\\KernelObjects\\LowMemoryCondition"
              }
            ],
            "repeated": 0,
            "id": 364
          },
          {
            "timestamp": "2026-06-28 21:56:13,151",
            "thread_id": "2784",
            "caller": "0x73b060e9",
            "parentcaller": "0x73b06350",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 365
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000330"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73b04be0"
              },
              {
                "name": "Parameter",
                "value": "0x01310628"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3768"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "clr.dll"
              }
            ],
            "repeated": 0,
            "id": 366
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x75ba5297",
            "parentcaller": "0x75150f37",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000330",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73b04be0"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "Parameter",
                "value": "0x01310628"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000004"
              },
              {
                "name": "ThreadId",
                "value": "3768"
              }
            ],
            "repeated": 0,
            "id": 367
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x75babca3",
            "parentcaller": "0x73b062b8",
            "category": "threading",
            "api": "NtResumeThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000330"
              },
              {
                "name": "SuspendCount",
                "value": "1"
              },
              {
                "name": "ThreadId",
                "value": "3768"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 368
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 369
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 370
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x75b94290",
            "parentcaller": "0x73b84223",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 371
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be01d8",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing"
              },
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing"
              }
            ],
            "repeated": 0,
            "id": 372
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "EntityFramework, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\EntityFramework, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 373
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01312000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 374
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01313000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 375
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01314000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 376
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "Name",
                "value": "EntityFramework.PowerShell, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\EntityFramework.PowerShell, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 377
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "Name",
                "value": "EntityFramework.PowerShell.Utility, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\EntityFramework.PowerShell.Utility, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 378
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.FriendlyUrls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.FriendlyUrls, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 379
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.Membership.OpenAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.Membership.OpenAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 380
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.Mvc.Facebook, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.Mvc.Facebook, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 381
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Client, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Client, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 382
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Core, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Core, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 383
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Owin, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Owin, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 384
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.Redis, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.Redis, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 385
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01315000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 386
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 387
          },
          {
            "timestamp": "2026-06-28 21:56:13,167",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.SqlServer, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.SqlServer, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 388
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.SignalR.SystemWeb, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.SignalR.SystemWeb, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 389
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "Name",
                "value": "Microsoft.AspNet.Web.Optimization.WebForms, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.AspNet.Web.Optimization.WebForms, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 390
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "Name",
                "value": "Microsoft.Owin.Host.HttpListener, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.Owin.Host.HttpListener, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 391
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "Name",
                "value": "Microsoft.Owin.Host.SystemWeb, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.Owin.Host.SystemWeb, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 392
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "Name",
                "value": "Microsoft.VisualStudio.Web.Mvc.3.0, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.VisualStudio.Web.Mvc.3.0, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 393
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "Name",
                "value": "Microsoft.VisualStudio.Web.Mvc.4.0, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.VisualStudio.Web.Mvc.4.0, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 394
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01316000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 395
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "Name",
                "value": "Microsoft.Web.WebPages.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\Microsoft.Web.WebPages.OAuth, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 396
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "Name",
                "value": "migrate, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\migrate, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              }
            ],
            "repeated": 0,
            "id": 397
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01318000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 398
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "Name",
                "value": "signalr, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\signalr, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 399
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "Name",
                "value": "System.Composition.AttributedModel, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.AttributedModel, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 400
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "Name",
                "value": "System.Composition.AttributedModel, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.AttributedModel, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 401
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "Name",
                "value": "System.Composition.Convention, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Convention, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 402
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "Name",
                "value": "System.Composition.Convention, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Convention, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 403
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "Name",
                "value": "System.Composition.Hosting, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Hosting, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 404
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "Name",
                "value": "System.Composition.Hosting, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.Hosting, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 405
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "Name",
                "value": "System.Composition.TypedParts, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.TypedParts, Version=1.0.15.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 406
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "Name",
                "value": "System.Composition.TypedParts, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Composition.TypedParts, Version=1.0.16.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 407
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "Name",
                "value": "System.Net.Http, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Net.Http, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 408
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b92644",
            "parentcaller": "0x73bcfd80",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 409
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73bcfdc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 410
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b9106a",
            "parentcaller": "0x73bcfe07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 411
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b92644",
            "parentcaller": "0x73bcfd80",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 412
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73bcfdc7",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 413
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b9106a",
            "parentcaller": "0x73bcfe07",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000340"
              }
            ],
            "repeated": 0,
            "id": 414
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b8f218",
            "parentcaller": "0x73be5634",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000400",
                "pretty_value": "PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 415
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "Name",
                "value": "System.Net.Http.WebRequest, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Net.Http.WebRequest, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 416
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "Name",
                "value": "System.Threading.Tasks.Dataflow, Version=4.5.6.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Threading.Tasks.Dataflow, Version=4.5.6.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 417
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75b9106a",
            "parentcaller": "0x73be5733",
            "category": "system",
            "api": "NtClose",
            "status": false,
            "return": "0xffffffffc0000008",
            "pretty_return": "INVALID_HANDLE",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 418
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "3768",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 419
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "Name",
                "value": "System.Threading.Tasks.Dataflow, Version=4.5.8.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Threading.Tasks.Dataflow, Version=4.5.8.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 420
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "Name",
                "value": "System.Threading.Tasks.Dataflow, Version=4.5.9.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Threading.Tasks.Dataflow, Version=4.5.9.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 421
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "Name",
                "value": "System.Web.Helpers, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Helpers, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 422
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "Name",
                "value": "System.Web.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 423
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.OData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.OData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 424
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.SelfHost, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.SelfHost, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 425
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.Tracing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.Tracing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 426
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "Name",
                "value": "System.Web.Http.WebHost, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Http.WebHost, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 427
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "Name",
                "value": "System.Web.Mvc, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Mvc, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 428
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "Name",
                "value": "System.Web.Optimization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Optimization, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 429
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "Name",
                "value": "System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 430
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "Name",
                "value": "System.Web.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 431
          },
          {
            "timestamp": "2026-06-28 21:56:13,182",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 432
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages.Administration, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages.Administration, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 433
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0131e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 434
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages.Deployment, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages.Deployment, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 435
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "Name",
                "value": "System.Web.WebPages.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\System.Web.WebPages.Razor, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 436
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "Name",
                "value": "WebMatrix.Data, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\WebMatrix.Data, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 437
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "Name",
                "value": "WebMatrix.WebData, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\WebMatrix.WebData, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              }
            ],
            "repeated": 0,
            "id": 438
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73be0225",
            "parentcaller": "0x73bcca3e",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "Name",
                "value": ""
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\policy\\Servicing\\"
              }
            ],
            "repeated": 0,
            "id": 439
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73b250ac",
            "parentcaller": "0x73be034d",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 440
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9ac9b",
            "parentcaller": "0x75b89dfe",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 441
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "3768",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73950000"
              }
            ],
            "repeated": 0,
            "id": 442
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "3768",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73950000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 443
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "3768",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73950000"
              },
              {
                "name": "FunctionName",
                "value": "WTSEnumerateProcessesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73955ed0"
              }
            ],
            "repeated": 0,
            "id": 444
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "3768",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 445
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9530a",
            "parentcaller": "0x75b95102",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 446
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9553c",
            "parentcaller": "0x75b9511c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 447
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b95130",
            "parentcaller": "0x75b9505d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 448
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9530a",
            "parentcaller": "0x75b95102",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 449
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9553c",
            "parentcaller": "0x75b9511c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
              }
            ],
            "repeated": 0,
            "id": 450
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b95130",
            "parentcaller": "0x75b9507b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 451
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9553c",
            "parentcaller": "0x75b97ea1",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000094"
              },
              {
                "name": "ValueName",
                "value": "000603xx"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "kernel32.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx"
              }
            ],
            "repeated": 0,
            "id": 452
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75b97f3e",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 453
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x75b97f4f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "SortGetHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514e880"
              }
            ],
            "repeated": 0,
            "id": 454
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x75b97f60",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "SortCloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751497e0"
              }
            ],
            "repeated": 0,
            "id": 455
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 456
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000033c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000338"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
              }
            ],
            "repeated": 0,
            "id": 457
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9da9b",
            "parentcaller": "0x7514f068",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000033c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x077c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3f324"
              },
              {
                "name": "ViewSize",
                "value": "0x00338000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 458
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x7514f079",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000033c"
              }
            ],
            "repeated": 0,
            "id": 459
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x7514f080",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000338"
              }
            ],
            "repeated": 0,
            "id": 460
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x7514ed98",
            "parentcaller": "0x7514eba1",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids"
              }
            ],
            "repeated": 0,
            "id": 461
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x7514ec10",
            "parentcaller": "0x7514e9b3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "en-US"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US"
              }
            ],
            "repeated": 0,
            "id": 462
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x7514ec10",
            "parentcaller": "0x7514e9b3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000338"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en"
              }
            ],
            "repeated": 0,
            "id": 463
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "3768",
            "caller": "0x73f19cbd",
            "parentcaller": "0x73f19da0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WINSTA"
              },
              {
                "name": "DllBase",
                "value": "0x73900000"
              }
            ],
            "repeated": 0,
            "id": 464
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01321000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 465
          },
          {
            "timestamp": "2026-06-28 21:56:13,198",
            "thread_id": "2784",
            "caller": "0x73adb4dd",
            "parentcaller": "0x73b7f9d7",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\"
              }
            ],
            "repeated": 0,
            "id": 466
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a92b56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 467
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x73f19cbd",
            "parentcaller": "0x73f19da0",
            "category": "process",
            "api": "WTSEnumerateProcessesW",
            "status": true,
            "return": "0x00000001",
            "arguments": [],
            "repeated": 0,
            "id": 468
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 469
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WTSAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73950000"
              },
              {
                "name": "FunctionName",
                "value": "WTSFreeMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x739524a0"
              }
            ],
            "repeated": 0,
            "id": 470
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 471
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b92644",
            "parentcaller": "0x73be597d",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 472
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73be59bd",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 473
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73be5a40",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd83.\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 474
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b9106a",
            "parentcaller": "0x73be5a90",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000344"
              }
            ],
            "repeated": 0,
            "id": 475
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000348"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 476
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 477
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75ba27e6",
            "parentcaller": "0x75b8f6e4",
            "category": "synchronization",
            "api": "NtCreateEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "EventName",
                "value": "Global\\CPFATE_4500_v4.0.30319"
              },
              {
                "name": "EventType",
                "value": "1"
              },
              {
                "name": "InitialState",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 478
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 479
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 480
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x73a533f0",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 481
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x73a533f0",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 482
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73f2c112",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 483
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151eb0"
              }
            ],
            "repeated": 0,
            "id": 484
          },
          {
            "timestamp": "2026-06-28 21:56:13,214",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x73a8ef74",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01318d30",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1bf898e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ace3"
              }
            ],
            "repeated": 0,
            "id": 485
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a7e66b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll"
              }
            ],
            "repeated": 0,
            "id": 486
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 487
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b9f14d",
            "parentcaller": "0x73ac629e",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 488
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90e6c",
            "parentcaller": "0x73ac62de",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "Buffer",
                "value": "\\x05\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\r\\x00\\x00\\x00L\\x00\\x00\\x00mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x00\\x07\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x11\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00(M;7\\xde\\xac\\xd5\\x01\\x0f\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xe8\\xabV\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x02\\x00\\x00\\x00\t\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xcdb)\\xd8=b\\x1fM\\xa1y>\\xad9\\x90\\xe3g"
              },
              {
                "name": "Length",
                "value": "176"
              }
            ],
            "repeated": 0,
            "id": 489
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73ac6304",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 490
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a918ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 491
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x73a8e37a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 492
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x73a8ef74",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01318e70",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\*"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf1bf898e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5ace3"
              }
            ],
            "repeated": 0,
            "id": 493
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a7e66b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll"
              }
            ],
            "repeated": 0,
            "id": 494
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 495
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b9f14d",
            "parentcaller": "0x73ac629e",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 496
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90e6c",
            "parentcaller": "0x73ac62de",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
              },
              {
                "name": "Buffer",
                "value": "\\x05\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\r\\x00\\x00\\x00L\\x00\\x00\\x00mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x00\\x07\\x00\\x00\\x00\\x04\\x00\\x00\\x00\t\\x11\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x00\\x00(M;7\\xde\\xac\\xd5\\x01\\x0f\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xe8\\xabV\\x00\\x10\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x02\\x00\\x00\\x00\t\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xcdb)\\xd8=b\\x1fM\\xa1y>\\xad9\\x90\\xe3g"
              },
              {
                "name": "Length",
                "value": "176"
              }
            ],
            "repeated": 0,
            "id": 497
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73ac6304",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000036c"
              }
            ],
            "repeated": 0,
            "id": 498
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000036c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 499
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000370"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 500
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000374"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 501
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75ba9417",
            "parentcaller": "0x73a97fa7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000374"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 502
          },
          {
            "timestamp": "2026-06-28 21:56:13,229",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a918ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 503
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000370"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 504
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3e358"
              },
              {
                "name": "ViewSize",
                "value": "0x0056c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 505
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000378"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08070000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3e358"
              },
              {
                "name": "ViewSize",
                "value": "0x0056c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 506
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x73a97a25",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 507
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73a97fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000374"
              }
            ],
            "repeated": 0,
            "id": 508
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73b565ec",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 509
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x73a97a25",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08070000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 510
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73b566ad",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 511
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x73a8e37a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000368"
              }
            ],
            "repeated": 0,
            "id": 512
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000368"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 513
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 514
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75ba9417",
            "parentcaller": "0x73a97fa7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000378"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 515
          },
          {
            "timestamp": "2026-06-28 21:56:13,245",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a918ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 516
          },
          {
            "timestamp": "2026-06-28 21:56:13,260",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000374"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000368"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 517
          },
          {
            "timestamp": "2026-06-28 21:56:13,260",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000374"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3e958"
              },
              {
                "name": "ViewSize",
                "value": "0x0056c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 518
          },
          {
            "timestamp": "2026-06-28 21:56:13,260",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000374"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08070000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3e958"
              },
              {
                "name": "ViewSize",
                "value": "0x0056c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 519
          },
          {
            "timestamp": "2026-06-28 21:56:13,260",
            "thread_id": "2784",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x73a97a25",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 520
          },
          {
            "timestamp": "2026-06-28 21:56:13,260",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73a97fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 521
          },
          {
            "timestamp": "2026-06-28 21:56:13,260",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73bdd322",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\StrongName"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName"
              }
            ],
            "repeated": 0,
            "id": 522
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a88b6c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.INI"
              }
            ],
            "repeated": 0,
            "id": 523
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01290000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 524
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01294000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 525
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 526
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04670000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 527
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04700000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 528
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04700000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 529
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04702000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 530
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01295000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 531
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 532
          },
          {
            "timestamp": "2026-06-28 21:56:13,276",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 533
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04705000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 534
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04706000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 535
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04707000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 536
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04708000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 537
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04709000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 538
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0470a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 539
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0470b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 540
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0470c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 541
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 542
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 543
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 544
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 545
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 546
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 547
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 548
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73be1e3c",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              },
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full"
              }
            ],
            "repeated": 0,
            "id": 549
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x73bda52e",
            "parentcaller": "0x73be1e52",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Release"
              },
              {
                "name": "Data",
                "value": "528372"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release"
              }
            ],
            "repeated": 0,
            "id": 550
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x73be1e86",
            "parentcaller": "0x73be1efb",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 551
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x76f305bb",
            "parentcaller": "0x76f3010b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 552
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 553
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73be8d0e",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA"
              }
            ],
            "repeated": 0,
            "id": 554
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 555
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 556
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\VERSION.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 557
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "VERSION.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x741f0000"
              }
            ],
            "repeated": 0,
            "id": 558
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x741f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "VERSION.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 559
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f15c0"
              }
            ],
            "repeated": 0,
            "id": 560
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 561
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x73ac7572",
            "parentcaller": "0x73ac75d2",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x00000834",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 562
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 563
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f15e0"
              }
            ],
            "repeated": 0,
            "id": 564
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 565
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x73ac78ae",
            "parentcaller": "0x73ac75f8",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll"
              }
            ],
            "repeated": 0,
            "id": 566
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 567
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f1560"
              }
            ],
            "repeated": 0,
            "id": 568
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 569
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0132b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 570
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01323000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 571
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 572
          },
          {
            "timestamp": "2026-06-28 21:56:13,323",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 573
          },
          {
            "timestamp": "2026-06-28 21:56:13,339",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 574
          },
          {
            "timestamp": "2026-06-28 21:56:13,339",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 575
          },
          {
            "timestamp": "2026-06-28 21:56:13,339",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01323000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 576
          },
          {
            "timestamp": "2026-06-28 21:56:13,339",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b07000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 577
          },
          {
            "timestamp": "2026-06-28 21:56:13,339",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 578
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 579
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0132b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 580
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 581
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 582
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 583
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 584
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 585
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x065e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 586
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 587
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 588
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 589
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 590
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 591
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b24000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 592
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 593
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 594
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 595
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 596
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 597
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 598
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 599
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 600
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b32000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 601
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b91571",
            "parentcaller": "0x7514e2b9",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 602
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x7514e2c9",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 603
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7514e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01318db0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x3a6eea36"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 604
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x7514e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 605
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7514e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01318eb0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeedf2ef8"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 606
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x7514e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 607
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7514e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01318f70",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee3f58c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 608
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x7514e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 609
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7514e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013193b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee655e5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 610
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x7514e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 611
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7514e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013191f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xeee655e5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0776"
              }
            ],
            "repeated": 0,
            "id": 612
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x7514e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 613
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x7514e434",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013194b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe608f015"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01dd0748"
              }
            ],
            "repeated": 0,
            "id": 614
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75ba4678",
            "parentcaller": "0x7514e44d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000370"
              }
            ],
            "repeated": 0,
            "id": 615
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b91571",
            "parentcaller": "0x7514e569",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 616
          },
          {
            "timestamp": "2026-06-28 21:56:13,354",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x75146d41",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 617
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b91571",
            "parentcaller": "0x75147095",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 618
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000380"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 619
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75ba9417",
            "parentcaller": "0x73a97fa7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000380"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 620
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a918ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 621
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73a97fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000380"
              }
            ],
            "repeated": 0,
            "id": 622
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 623
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 624
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 625
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x754f0000"
              }
            ],
            "repeated": 0,
            "id": 626
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x754f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 627
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoInitializeEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75807f20"
              }
            ],
            "repeated": 0,
            "id": 628
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 629
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b94081",
            "parentcaller": "0x757d2447",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 630
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x757d0b62",
            "parentcaller": "0x757d0b02",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "0",
                "pretty_value": "FILE_SUPERSEDE"
              }
            ],
            "repeated": 0,
            "id": 631
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 632
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 633
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 634
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000038c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769d0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 635
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 636
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 637
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a2a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 638
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4f089",
            "parentcaller": "0x76f52308",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 639
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76a2a000"
              },
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 640
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 641
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 642
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 643
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d9691",
            "parentcaller": "0x745d8a62",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives.dll"
              }
            ],
            "repeated": 0,
            "id": 644
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d96d0",
            "parentcaller": "0x745d8a62",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000038c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 645
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000038c"
              }
            ],
            "repeated": 0,
            "id": 646
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\bcryptPrimitives"
              },
              {
                "name": "DllBase",
                "value": "0x769d0000"
              }
            ],
            "repeated": 0,
            "id": 647
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76a039a4",
            "parentcaller": "0x769f92d7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 648
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76a039c1",
            "parentcaller": "0x769f92d7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "STE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE"
              }
            ],
            "repeated": 0,
            "id": 649
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76a039ef",
            "parentcaller": "0x769f92d7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 650
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f9826",
            "parentcaller": "0x769f972c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 651
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f9848",
            "parentcaller": "0x769f972c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 652
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f98d5",
            "parentcaller": "0x769f972c",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 653
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f98f7",
            "parentcaller": "0x769f972c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000037c"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 654
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f994a",
            "parentcaller": "0x769f972c",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000378"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 655
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f9975",
            "parentcaller": "0x769f972c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000378"
              }
            ],
            "repeated": 0,
            "id": 656
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f9983",
            "parentcaller": "0x769f972c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000037c"
              }
            ],
            "repeated": 0,
            "id": 657
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f9780",
            "parentcaller": "0x769f9341",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration"
              }
            ],
            "repeated": 0,
            "id": 658
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f96d4",
            "parentcaller": "0x769f9633",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000037c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "\\Device\\CNG"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 659
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f965e",
            "parentcaller": "0x769f95d5",
            "category": "device",
            "api": "DeviceIoControl",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DeviceHandle",
                "value": "0x0000037c"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390008",
                "pretty_value": "IOCTL_KSEC_RANDOM_FILL_BUFFER"
              },
              {
                "name": "InBuffer",
                "value": ""
              },
              {
                "name": "OutBuffer",
                "value": "4I\\xb9\\x02\\xc7\\xd8\\xc9\\xb1\\xbb\\xec\n\\x9dzD\\xe2\\x9b\\x956\\xf9\\x9a\\x84\\x82z\\xe0[\\xfaF\\x15^\\xb5l\\xd8\\xbd\\x91\\xcb\\x01`\\x04\\xdbF\\x03\r\\xb7\\x1a-\\x13\\x02\\x8f"
              }
            ],
            "repeated": 0,
            "id": 660
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x769f965e",
            "parentcaller": "0x769f95d5",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\bcryptprimitives"
              },
              {
                "name": "BaseAddress",
                "value": "0x769d0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x76a03650"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 661
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75442000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 662
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75442000"
              },
              {
                "name": "ModuleName",
                "value": "RPCRT4.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 663
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 664
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 665
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75d61bb1",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\uxtheme"
              },
              {
                "name": "DllBase",
                "value": "0x73880000"
              }
            ],
            "repeated": 0,
            "id": 666
          },
          {
            "timestamp": "2026-06-28 21:56:13,370",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x75d61bb1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73880000"
              }
            ],
            "repeated": 0,
            "id": 667
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x75d61bf1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "ThemeInitApiHook"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738b4330"
              }
            ],
            "repeated": 0,
            "id": 668
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x738b457b",
            "parentcaller": "0x738b434f",
            "category": "system",
            "api": "IsDebuggerPresent",
            "status": false,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 669
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x76f538d9",
            "parentcaller": "0x76f2d794",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xed\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xd0>\\x8bs\\xcc\\x1e\\xb9\\xa0"
              }
            ],
            "repeated": 0,
            "id": 670
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x76f2d7c7",
            "parentcaller": "0x75baa0e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000398"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 671
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000039c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000398"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize"
              }
            ],
            "repeated": 0,
            "id": 672
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000039c"
              },
              {
                "name": "ValueName",
                "value": "AppsUseLightTheme"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme"
              }
            ],
            "repeated": 0,
            "id": 673
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x75b84d1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000039c"
              }
            ],
            "repeated": 0,
            "id": 674
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x738b452a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000398"
              }
            ],
            "repeated": 0,
            "id": 675
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 676
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 677
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 678
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75760000"
              }
            ],
            "repeated": 0,
            "id": 679
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75760000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-winrt-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 680
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "RoInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x757cfbf0"
              }
            ],
            "repeated": 0,
            "id": 681
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 682
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 683
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "RoUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75895440"
              }
            ],
            "repeated": 0,
            "id": 684
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 685
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 686
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 687
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetContextToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75882900"
              }
            ],
            "repeated": 0,
            "id": 688
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75ba38ba",
            "parentcaller": "0x73b60e60",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 689
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 690
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000364"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 691
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x73a533f0",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 692
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "3768",
            "caller": "0x75b911a9",
            "parentcaller": "0x73a533f0",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000314"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 693
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 694
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73b9d8fa",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-xstate-l2-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 695
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73b9d8fa",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75a80000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-core-xstate-l2-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 696
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "GetEnabledXStateFeatures"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75bab8c0"
              }
            ],
            "repeated": 0,
            "id": 697
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x73b96ba6",
            "parentcaller": "0x73a4918d",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 698
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x73b96c1e",
            "parentcaller": "0x73a4918d",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000248"
              },
              {
                "name": "ValueName",
                "value": "FeatureSIMD"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD"
              }
            ],
            "repeated": 0,
            "id": 699
          },
          {
            "timestamp": "2026-06-28 21:56:13,385",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit"
              },
              {
                "name": "DllBase",
                "value": "0x737f0000"
              }
            ],
            "repeated": 0,
            "id": 700
          },
          {
            "timestamp": "2026-06-28 21:56:13,401",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x737f0000"
              }
            ],
            "repeated": 0,
            "id": 701
          },
          {
            "timestamp": "2026-06-28 21:56:13,401",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7420fecf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x737f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 702
          },
          {
            "timestamp": "2026-06-28 21:56:13,401",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737f0000"
              },
              {
                "name": "FunctionName",
                "value": "sxsJitStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73846790"
              }
            ],
            "repeated": 0,
            "id": 703
          },
          {
            "timestamp": "2026-06-28 21:56:13,401",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737f0000"
              },
              {
                "name": "FunctionName",
                "value": "jitStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 704
          },
          {
            "timestamp": "2026-06-28 21:56:13,401",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "clrjit.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x737f0000"
              },
              {
                "name": "FunctionName",
                "value": "getJit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73845ca0"
              }
            ],
            "repeated": 0,
            "id": 705
          },
          {
            "timestamp": "2026-06-28 21:56:13,401",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 706
          },
          {
            "timestamp": "2026-06-28 21:56:13,432",
            "thread_id": "2784",
            "caller": "0x07b27c09",
            "parentcaller": "0x07b26e76",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 707
          },
          {
            "timestamp": "2026-06-28 21:56:13,432",
            "thread_id": "2784",
            "caller": "0x07b28a1c",
            "parentcaller": "0x07b286e4",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\"
              }
            ],
            "repeated": 0,
            "id": 708
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 709
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x73a7ba0a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75760000"
              }
            ],
            "repeated": 0,
            "id": 710
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x760a0ff1",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\bcryptprimitives.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x769d0000"
              }
            ],
            "repeated": 0,
            "id": 711
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 712
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b63000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 713
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x73b060e9",
            "parentcaller": "0x73be71cd",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 714
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a7e66b",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.config"
              }
            ],
            "repeated": 0,
            "id": 715
          },
          {
            "timestamp": "2026-06-28 21:56:13,448",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73adb635",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 1,
            "id": 716
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x73a8ef74",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\livehtml\\*"
              }
            ],
            "repeated": 1,
            "id": 717
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a88b6c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.INI"
              }
            ],
            "repeated": 0,
            "id": 718
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x73b060e9",
            "parentcaller": "0x73be71cd",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 719
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 720
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 721
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 722
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 723
          },
          {
            "timestamp": "2026-06-28 21:56:13,464",
            "thread_id": "2784",
            "caller": "0x76f305bb",
            "parentcaller": "0x76f3010b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 724
          },
          {
            "timestamp": "2026-06-28 21:56:13,479",
            "thread_id": "2784",
            "caller": "0x07b2d520",
            "parentcaller": "0x07b2cf70",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b93000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 725
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x07b2cce8",
            "parentcaller": "0x07b2ac0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04645000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 726
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x07b2cce8",
            "parentcaller": "0x07b2ac0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04640000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 727
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x07b2ccf2",
            "parentcaller": "0x07b2ac0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0464b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 728
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x07b2ccf2",
            "parentcaller": "0x07b2ac0a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04647000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 729
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x07b2d733",
            "parentcaller": "0x07b2ce38",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 730
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 731
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 732
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 733
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01335000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 734
          },
          {
            "timestamp": "2026-06-28 21:56:13,495",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01333000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 735
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 736
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              },
              {
                "name": "Milliseconds",
                "value": "3000"
              }
            ],
            "repeated": 0,
            "id": 737
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b94290",
            "parentcaller": "0x73b7c483",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000002bc"
              }
            ],
            "repeated": 0,
            "id": 738
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73b7f0ff",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              },
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default"
              }
            ],
            "repeated": 0,
            "id": 739
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x73b7eeed",
            "parentcaller": "0x73b7f110",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "Latest"
              },
              {
                "name": "Data",
                "value": "36"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest"
              }
            ],
            "repeated": 0,
            "id": 740
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\pubpol36.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 741
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x73b7edbd",
            "parentcaller": "0x73b7ef7c",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "index36"
              },
              {
                "name": "Data",
                "value": "\\xff\\xff\\xff\\xff\\x0f"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index36"
              }
            ],
            "repeated": 0,
            "id": 742
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x73b7efcb",
            "parentcaller": "0x73b7f110",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003a8"
              },
              {
                "name": "ValueName",
                "value": "LegacyPolicyTimeStamp"
              },
              {
                "name": "Data",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp"
              }
            ],
            "repeated": 0,
            "id": 743
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73adb635",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme"
              }
            ],
            "repeated": 0,
            "id": 744
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73adb635",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 745
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 746
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b90e6c",
            "parentcaller": "0x73b7d97a",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "26401"
              }
            ],
            "repeated": 0,
            "id": 747
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73b7e612",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b4"
              }
            ],
            "repeated": 0,
            "id": 748
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73a85784",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 749
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x73a7b487",
            "parentcaller": "0x73a85784",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 750
          },
          {
            "timestamp": "2026-06-28 21:56:13,510",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a92b56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 751
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a92b56",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 752
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x73f2c112",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 753
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b980ad",
            "parentcaller": "0x7514f564",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151eb0"
              }
            ],
            "repeated": 0,
            "id": 754
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b92ee6",
            "parentcaller": "0x73a8ef74",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\*"
              }
            ],
            "repeated": 1,
            "id": 755
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 756
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 757
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75ba9417",
            "parentcaller": "0x73a97fa7",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000003b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 758
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75ba6b8e",
            "parentcaller": "0x73a918ea",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 759
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000003b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 760
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ba0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3bab0"
              },
              {
                "name": "ViewSize",
                "value": "0x0009c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 761
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000003bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07c40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3bab0"
              },
              {
                "name": "ViewSize",
                "value": "0x0009c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 762
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b9f5a5",
            "parentcaller": "0x73a97a25",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ba0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 763
          },
          {
            "timestamp": "2026-06-28 21:56:13,526",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x73a97fd8",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003b8"
              }
            ],
            "repeated": 0,
            "id": 764
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75b92da9",
            "parentcaller": "0x73a88b6c",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.INI"
              }
            ],
            "repeated": 0,
            "id": 765
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 766
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 767
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 768
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 769
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 770
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x76f305bb",
            "parentcaller": "0x76f3010b",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 771
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x73ac7572",
            "parentcaller": "0x73ac75d2",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x00000834",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 772
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x73ac78ae",
            "parentcaller": "0x73ac75f8",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll"
              }
            ],
            "repeated": 0,
            "id": 773
          },
          {
            "timestamp": "2026-06-28 21:56:13,542",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73a53832",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 774
          },
          {
            "timestamp": "2026-06-28 21:56:13,682",
            "thread_id": "2784",
            "caller": "0x07cf2f53",
            "parentcaller": "0x07cf2de8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0129d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 775
          },
          {
            "timestamp": "2026-06-28 21:56:13,698",
            "thread_id": "2784",
            "caller": "0x07cf5374",
            "parentcaller": "0x07b2e989",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 776
          },
          {
            "timestamp": "2026-06-28 21:56:13,698",
            "thread_id": "2784",
            "caller": "0x07cf5374",
            "parentcaller": "0x07b2e989",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 777
          },
          {
            "timestamp": "2026-06-28 21:56:13,698",
            "thread_id": "2784",
            "caller": "0x07cf5374",
            "parentcaller": "0x07b2e989",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75d20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "user32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 778
          },
          {
            "timestamp": "2026-06-28 21:56:13,698",
            "thread_id": "2784",
            "caller": "0x07cf5374",
            "parentcaller": "0x07b2e989",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterWindowMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 779
          },
          {
            "timestamp": "2026-06-28 21:56:13,698",
            "thread_id": "2784",
            "caller": "0x07cf5374",
            "parentcaller": "0x07b2e989",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterWindowMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d61e10"
              }
            ],
            "repeated": 0,
            "id": 780
          },
          {
            "timestamp": "2026-06-28 21:56:13,714",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 781
          },
          {
            "timestamp": "2026-06-28 21:56:13,714",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b9b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 782
          },
          {
            "timestamp": "2026-06-28 21:56:13,714",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 783
          },
          {
            "timestamp": "2026-06-28 21:56:13,729",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07cf9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 784
          },
          {
            "timestamp": "2026-06-28 21:56:13,729",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 785
          },
          {
            "timestamp": "2026-06-28 21:56:13,729",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 786
          },
          {
            "timestamp": "2026-06-28 21:56:13,729",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75130000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 787
          },
          {
            "timestamp": "2026-06-28 21:56:13,729",
            "thread_id": "2784",
            "caller": "0x07cf892a",
            "parentcaller": "0x07cf7cee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CloseHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75152ee0"
              }
            ],
            "repeated": 0,
            "id": 788
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cfa770",
            "parentcaller": "0x07cf9c0d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 789
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cff99f",
            "parentcaller": "0x07cff3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75152e80"
              }
            ],
            "repeated": 0,
            "id": 790
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cff99f",
            "parentcaller": "0x07cff3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcessW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 791
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cff9ac",
            "parentcaller": "0x07cff3d7",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 792
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cff9ac",
            "parentcaller": "0x07cff3d7",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75670000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 793
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cff9ac",
            "parentcaller": "0x07cff3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessToken"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e340"
              }
            ],
            "repeated": 0,
            "id": 794
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cff9ac",
            "parentcaller": "0x07cff3d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "OpenProcessTokenW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 795
          },
          {
            "timestamp": "2026-06-28 21:56:13,760",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07cff9ac",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003c0"
              }
            ],
            "repeated": 0,
            "id": 796
          },
          {
            "timestamp": "2026-06-28 21:56:13,792",
            "thread_id": "2784",
            "caller": "0x07d41341",
            "parentcaller": "0x07cf7d00",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000002c8"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 797
          },
          {
            "timestamp": "2026-06-28 21:56:13,823",
            "thread_id": "2784",
            "caller": "0x07cffefd",
            "parentcaller": "0x07cf7d6f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentProcess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75152e80"
              }
            ],
            "repeated": 0,
            "id": 798
          },
          {
            "timestamp": "2026-06-28 21:56:13,823",
            "thread_id": "2784",
            "caller": "0x07cffefd",
            "parentcaller": "0x07cf7d6f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514e7b0"
              }
            ],
            "repeated": 0,
            "id": 799
          },
          {
            "timestamp": "2026-06-28 21:56:13,823",
            "thread_id": "2784",
            "caller": "0x07d42afe",
            "parentcaller": "0x07d429e4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "DuplicateHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75152ef0"
              }
            ],
            "repeated": 0,
            "id": 800
          },
          {
            "timestamp": "2026-06-28 21:56:13,823",
            "thread_id": "2784",
            "caller": "0x07d42fc9",
            "parentcaller": "0x07d42afe",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000003e0"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 801
          },
          {
            "timestamp": "2026-06-28 21:56:13,839",
            "thread_id": "2784",
            "caller": "0x07cffefd",
            "parentcaller": "0x07cf7d6f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThreadId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514df10"
              }
            ],
            "repeated": 0,
            "id": 802
          },
          {
            "timestamp": "2026-06-28 21:56:13,839",
            "thread_id": "2784",
            "caller": "0x07d434fc",
            "parentcaller": "0x07cffefd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 803
          },
          {
            "timestamp": "2026-06-28 21:56:13,870",
            "thread_id": "2784",
            "caller": "0x07d459fd",
            "parentcaller": "0x07d45891",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 804
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d47a21",
            "parentcaller": "0x07d47593",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 805
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d47d2c",
            "parentcaller": "0x07d47b3a",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 806
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d47d2c",
            "parentcaller": "0x07d47b3a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 807
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d47d2c",
            "parentcaller": "0x07d47b3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetLocaleInfoEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150c60"
              }
            ],
            "repeated": 0,
            "id": 808
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d47d2c",
            "parentcaller": "0x07d47b3a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 809
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d47d2c",
            "parentcaller": "0x07d47b3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LocaleNameToLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151e00"
              }
            ],
            "repeated": 0,
            "id": 810
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d48b70",
            "parentcaller": "0x07d48aee",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 811
          },
          {
            "timestamp": "2026-06-28 21:56:13,885",
            "thread_id": "2784",
            "caller": "0x07d48b70",
            "parentcaller": "0x07d48aee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserDefaultLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75152160"
              }
            ],
            "repeated": 0,
            "id": 812
          },
          {
            "timestamp": "2026-06-28 21:56:13,901",
            "thread_id": "2784",
            "caller": "0x07d492e7",
            "parentcaller": "0x07d49266",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 813
          },
          {
            "timestamp": "2026-06-28 21:56:13,901",
            "thread_id": "2784",
            "caller": "0x07d492e7",
            "parentcaller": "0x07d49266",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LCIDToLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151ec0"
              }
            ],
            "repeated": 0,
            "id": 814
          },
          {
            "timestamp": "2026-06-28 21:56:13,901",
            "thread_id": "2784",
            "caller": "0x07d492e7",
            "parentcaller": "0x07d495a6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 815
          },
          {
            "timestamp": "2026-06-28 21:56:13,901",
            "thread_id": "2784",
            "caller": "0x07d492e7",
            "parentcaller": "0x07d495a6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserPreferredUILanguages"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751493e0"
              }
            ],
            "repeated": 0,
            "id": 816
          },
          {
            "timestamp": "2026-06-28 21:56:13,917",
            "thread_id": "2784",
            "caller": "0x07d4cc47",
            "parentcaller": "0x07d4cb48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 817
          },
          {
            "timestamp": "2026-06-28 21:56:14,057",
            "thread_id": "2784",
            "caller": "0x07e40a1a",
            "parentcaller": "0x07e40781",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 818
          },
          {
            "timestamp": "2026-06-28 21:56:14,057",
            "thread_id": "2784",
            "caller": "0x07e40a1a",
            "parentcaller": "0x07e40781",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CompareStringOrdinal"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75146210"
              }
            ],
            "repeated": 0,
            "id": 819
          },
          {
            "timestamp": "2026-06-28 21:56:14,057",
            "thread_id": "2784",
            "caller": "0x07e40a76",
            "parentcaller": "0x07e40335",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01344000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 820
          },
          {
            "timestamp": "2026-06-28 21:56:14,073",
            "thread_id": "2784",
            "caller": "0x07e42639",
            "parentcaller": "0x07e42080",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 821
          },
          {
            "timestamp": "2026-06-28 21:56:14,073",
            "thread_id": "2784",
            "caller": "0x07e42f3d",
            "parentcaller": "0x07e42ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e430"
              }
            ],
            "repeated": 0,
            "id": 822
          },
          {
            "timestamp": "2026-06-28 21:56:14,073",
            "thread_id": "2784",
            "caller": "0x07e42f77",
            "parentcaller": "0x07e42ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 823
          },
          {
            "timestamp": "2026-06-28 21:56:14,073",
            "thread_id": "2784",
            "caller": "0x07e42f77",
            "parentcaller": "0x07e42ec9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e2c0"
              }
            ],
            "repeated": 0,
            "id": 824
          },
          {
            "timestamp": "2026-06-28 21:56:14,073",
            "thread_id": "2784",
            "caller": "0x07e43271",
            "parentcaller": "0x07e42f77",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\.NETFramework\\AppContext"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\AppContext"
              }
            ],
            "repeated": 0,
            "id": 825
          },
          {
            "timestamp": "2026-06-28 21:56:14,073",
            "thread_id": "2784",
            "caller": "0x07e4315a",
            "parentcaller": "0x07b2ab08",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x80000002"
              }
            ],
            "repeated": 0,
            "id": 826
          },
          {
            "timestamp": "2026-06-28 21:56:14,089",
            "thread_id": "2784",
            "caller": "0x07e44e0d",
            "parentcaller": "0x07e44d65",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 827
          },
          {
            "timestamp": "2026-06-28 21:56:14,104",
            "thread_id": "2784",
            "caller": "0x07d4ae23",
            "parentcaller": "0x07d4ad92",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\CRYPTSP"
              },
              {
                "name": "DllBase",
                "value": "0x737d0000"
              }
            ],
            "repeated": 0,
            "id": 828
          },
          {
            "timestamp": "2026-06-28 21:56:14,104",
            "thread_id": "2784",
            "caller": "0x07d4ae23",
            "parentcaller": "0x07d4ad92",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\rsaenh"
              },
              {
                "name": "DllBase",
                "value": "0x737a0000"
              }
            ],
            "repeated": 0,
            "id": 829
          },
          {
            "timestamp": "2026-06-28 21:56:14,104",
            "thread_id": "2784",
            "caller": "0x07d4ae23",
            "parentcaller": "0x07d4ad92",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x737a0000"
              }
            ],
            "repeated": 11,
            "id": 830
          },
          {
            "timestamp": "2026-06-28 21:56:14,120",
            "thread_id": "2784",
            "caller": "0x07b2ccf2",
            "parentcaller": "0x07e4652b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0463a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 831
          },
          {
            "timestamp": "2026-06-28 21:56:14,120",
            "thread_id": "2784",
            "caller": "0x07b2ccf2",
            "parentcaller": "0x07e4652b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04637000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 832
          },
          {
            "timestamp": "2026-06-28 21:56:14,151",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 833
          },
          {
            "timestamp": "2026-06-28 21:56:14,167",
            "thread_id": "2784",
            "caller": "0x07e4a3df",
            "parentcaller": "0x07e4a334",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 834
          },
          {
            "timestamp": "2026-06-28 21:56:14,167",
            "thread_id": "2784",
            "caller": "0x07e4b434",
            "parentcaller": "0x07e4ab9a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 835
          },
          {
            "timestamp": "2026-06-28 21:56:14,167",
            "thread_id": "2784",
            "caller": "0x07e4b434",
            "parentcaller": "0x07e4ab9a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFullPathNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751533d0"
              }
            ],
            "repeated": 0,
            "id": 836
          },
          {
            "timestamp": "2026-06-28 21:56:14,167",
            "thread_id": "2784",
            "caller": "0x07e4c74f",
            "parentcaller": "0x07e4c631",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 837
          },
          {
            "timestamp": "2026-06-28 21:56:14,167",
            "thread_id": "2784",
            "caller": "0x07e4c74f",
            "parentcaller": "0x07e4c631",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LCMapStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75148840"
              }
            ],
            "repeated": 0,
            "id": 838
          },
          {
            "timestamp": "2026-06-28 21:56:14,167",
            "thread_id": "2784",
            "caller": "0x07e4c74f",
            "parentcaller": "0x07e4c631",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 839
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07b2d626",
            "parentcaller": "0x07e4d2a8",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 840
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07b2d626",
            "parentcaller": "0x07e4d2a8",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76f00000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ntdll.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 841
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07b2d626",
            "parentcaller": "0x07e4d2a8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQuerySystemInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f72d30"
              }
            ],
            "repeated": 0,
            "id": 842
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07b2d626",
            "parentcaller": "0x07e4d2a8",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "206"
              }
            ],
            "repeated": 0,
            "id": 843
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4d088",
            "parentcaller": "0x07e4c948",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 844
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4d088",
            "parentcaller": "0x07e4c948",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75153330"
              }
            ],
            "repeated": 0,
            "id": 845
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4d41b",
            "parentcaller": "0x07e4d088",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 846
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4d889",
            "parentcaller": "0x07e4d5ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 847
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4dffb",
            "parentcaller": "0x07e4df57",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 848
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4dffb",
            "parentcaller": "0x07e4df57",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 849
          },
          {
            "timestamp": "2026-06-28 21:56:14,182",
            "thread_id": "2784",
            "caller": "0x07e4d41b",
            "parentcaller": "0x07e4eaad",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 850
          },
          {
            "timestamp": "2026-06-28 21:56:14,198",
            "thread_id": "2784",
            "caller": "0x07e4ee4a",
            "parentcaller": "0x07e4eb5c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 851
          },
          {
            "timestamp": "2026-06-28 21:56:14,198",
            "thread_id": "2784",
            "caller": "0x07e4fd73",
            "parentcaller": "0x07e4ef83",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadErrorMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75149660"
              }
            ],
            "repeated": 0,
            "id": 852
          },
          {
            "timestamp": "2026-06-28 21:56:14,198",
            "thread_id": "2784",
            "caller": "0x07b2ff60",
            "parentcaller": "0x07e4efad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 853
          },
          {
            "timestamp": "2026-06-28 21:56:14,198",
            "thread_id": "2784",
            "caller": "0x07b2ff60",
            "parentcaller": "0x07e4efad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFileW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75153140"
              }
            ],
            "repeated": 0,
            "id": 854
          },
          {
            "timestamp": "2026-06-28 21:56:14,198",
            "thread_id": "2784",
            "caller": "0x07e700f3",
            "parentcaller": "0x07b2ff60",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 855
          },
          {
            "timestamp": "2026-06-28 21:56:14,198",
            "thread_id": "2784",
            "caller": "0x07b2ff77",
            "parentcaller": "0x07e4efad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75153390"
              }
            ],
            "repeated": 0,
            "id": 856
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 857
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 858
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\x94-\\x01\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 859
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "advapi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75670000"
              }
            ],
            "repeated": 0,
            "id": 860
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75670000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "advapi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 861
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertSidToStringSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568ddd0"
              }
            ],
            "repeated": 0,
            "id": 862
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "Handle",
                "value": "0x00000410"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 863
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 864
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 865
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76320000"
              }
            ],
            "repeated": 0,
            "id": 866
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76320000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 867
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76320000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetFolderPathW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7647db90"
              }
            ],
            "repeated": 0,
            "id": 868
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 869
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 870
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 871
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 872
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000410"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x746e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00608000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 873
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 874
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 875
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 876
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c7b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 877
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 878
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 879
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 880
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 881
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 882
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 883
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 884
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000410"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x746b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00024000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 885
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x746cf000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 886
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 887
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 888
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x746cd000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 889
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 890
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 891
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c7b000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 892
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x00\\x00\\x00\t\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc7\\xcc;\\x08\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18 2\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 893
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x746cd000"
              },
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 894
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 895
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 896
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 897
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp.dll"
              }
            ],
            "repeated": 0,
            "id": 898
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\wldp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 899
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 900
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Wldp"
              },
              {
                "name": "DllBase",
                "value": "0x746b0000"
              }
            ],
            "repeated": 0,
            "id": 901
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 902
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 903
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 904
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage.dll"
              }
            ],
            "repeated": 0,
            "id": 905
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000040c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\windows.storage.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 906
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000040c"
              }
            ],
            "repeated": 0,
            "id": 907
          },
          {
            "timestamp": "2026-06-28 21:56:14,229",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\windows.storage"
              },
              {
                "name": "DllBase",
                "value": "0x746e0000"
              }
            ],
            "repeated": 0,
            "id": 908
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\wldp"
              },
              {
                "name": "BaseAddress",
                "value": "0x746b0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x746b85a0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 909
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 910
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f64d50"
              }
            ],
            "repeated": 0,
            "id": 911
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c33860"
              }
            ],
            "repeated": 0,
            "id": 912
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6a4b0"
              }
            ],
            "repeated": 0,
            "id": 913
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 914
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 915
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\windows.storage"
              },
              {
                "name": "BaseAddress",
                "value": "0x746e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x748bb2d0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 916
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 917
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 918
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\SHCORE"
              },
              {
                "name": "DllBase",
                "value": "0x755e0000"
              }
            ],
            "repeated": 0,
            "id": 919
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\profapi"
              },
              {
                "name": "DllBase",
                "value": "0x73780000"
              }
            ],
            "repeated": 0,
            "id": 920
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 921
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000801a",
                "pretty_value": "CSIDL_FLAG_CREATE|CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\Rajesh\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 922
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71ee8",
            "parentcaller": "0x07e71df6",
            "category": "filesystem",
            "api": "SHGetFolderPathW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Folder",
                "value": "0x0000001a",
                "pretty_value": "CSIDL_APPDATA"
              },
              {
                "name": "Path",
                "value": "C:\\Users\\Default\\AppData\\Roaming"
              }
            ],
            "repeated": 0,
            "id": 923
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e71fbf",
            "parentcaller": "0x07e71f3b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 924
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e72407",
            "parentcaller": "0x07e7212f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 925
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e72407",
            "parentcaller": "0x07e7212f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileAttributesExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75153330"
              }
            ],
            "repeated": 0,
            "id": 926
          },
          {
            "timestamp": "2026-06-28 21:56:14,245",
            "thread_id": "2784",
            "caller": "0x07e7256b",
            "parentcaller": "0x07e72407",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              }
            ],
            "repeated": 0,
            "id": 927
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07d417c3",
            "parentcaller": "0x07d424a8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04642000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 928
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 929
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07d7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 930
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01372000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 931
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01369000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 932
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000410"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "4095"
              }
            ],
            "repeated": 0,
            "id": 933
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e730f2",
            "parentcaller": "0x07e729ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e82000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 934
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08950000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 935
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08950000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 936
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08991000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 937
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000410"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "roup name=\"system.runtime.caching\" type=\"System.Runtime.Caching.Configuration.CachingSectionGroup, System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\">\r\n            <section name=\"memoryCache\" type=\"System.Runtime.Cac"
              },
              {
                "name": "Length",
                "value": "6135"
              }
            ],
            "repeated": 0,
            "id": 938
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72fce",
            "parentcaller": "0x07e72a3d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x055f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 939
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000410"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "/>\r\n            <section name=\"routing\" type=\"System.ServiceModel.Routing.Configuration.RoutingSection, System.ServiceModel.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35\" />\r\n            <section name=\"tracking\" type=\"System.Se"
              },
              {
                "name": "Length",
                "value": "20434"
              }
            ],
            "repeated": 0,
            "id": 940
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e735f5",
            "parentcaller": "0x07e729ea",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05602000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 941
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000410"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "System.ServiceModel.Discovery.Configuration.DiscoveryEndpointCollectionElement, System.ServiceModel.Discovery, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35\" />\r\n                <add name=\"udpDiscoveryEndpoint\" type=\"System.ServiceModel"
              },
              {
                "name": "Length",
                "value": "5318"
              }
            ],
            "repeated": 0,
            "id": 942
          },
          {
            "timestamp": "2026-06-28 21:56:14,260",
            "thread_id": "2784",
            "caller": "0x07e72890",
            "parentcaller": "0x07e71b14",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 943
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e7545b",
            "parentcaller": "0x07e745a9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 944
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e7545b",
            "parentcaller": "0x07e745a9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 945
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e7545b",
            "parentcaller": "0x07e745a9",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "bcrypt.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76090000"
              }
            ],
            "repeated": 0,
            "id": 946
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e7545b",
            "parentcaller": "0x07e745a9",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76090000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "bcrypt.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 947
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e7545b",
            "parentcaller": "0x07e745a9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcrypt.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76090000"
              },
              {
                "name": "FunctionName",
                "value": "BCryptGetFipsAlgorithmMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76099570"
              }
            ],
            "repeated": 0,
            "id": 948
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 949
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "Enabled"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled"
              }
            ],
            "repeated": 0,
            "id": 950
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Lsa"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa"
              }
            ],
            "repeated": 0,
            "id": 951
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "FipsAlgorithmPolicy"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy"
              }
            ],
            "repeated": 0,
            "id": 952
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000410"
              },
              {
                "name": "ValueName",
                "value": "MDMEnabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled"
              }
            ],
            "repeated": 0,
            "id": 953
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000410"
              }
            ],
            "repeated": 0,
            "id": 954
          },
          {
            "timestamp": "2026-06-28 21:56:14,276",
            "thread_id": "2784",
            "caller": "0x07e75532",
            "parentcaller": "0x07e7545b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 955
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 956
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 957
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 958
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 959
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 960
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 961
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 962
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 963
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 964
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 965
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 966
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 967
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 968
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 969
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 970
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 971
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 972
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 973
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024"
              }
            ],
            "repeated": 0,
            "id": 974
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 975
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 976
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 977
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000046c"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name"
              }
            ],
            "repeated": 0,
            "id": 978
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 979
          },
          {
            "timestamp": "2026-06-28 21:56:14,292",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\rsaenh.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x737a0000"
              }
            ],
            "repeated": 0,
            "id": 980
          },
          {
            "timestamp": "2026-06-28 21:56:14,307",
            "thread_id": "2784",
            "caller": "0x07e778e0",
            "parentcaller": "0x07e77709",
            "category": "crypto",
            "api": "CryptAcquireContextW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Container",
                "value": ""
              },
              {
                "name": "Provider",
                "value": "Microsoft Enhanced RSA and AES Cryptographic Provider"
              },
              {
                "name": "Flags",
                "value": "0xf0000000"
              }
            ],
            "repeated": 0,
            "id": 981
          },
          {
            "timestamp": "2026-06-28 21:56:14,307",
            "thread_id": "2784",
            "caller": "0x07e77e80",
            "parentcaller": "0x07e779a3",
            "category": "crypto",
            "api": "CryptGenRandom",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Buffer",
                "value": "yU\\xf2\\xf7\\x14$9S"
              }
            ],
            "repeated": 0,
            "id": 982
          },
          {
            "timestamp": "2026-06-28 21:56:14,307",
            "thread_id": "2784",
            "caller": "0x07e79797",
            "parentcaller": "0x07e78825",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 983
          },
          {
            "timestamp": "2026-06-28 21:56:14,323",
            "thread_id": "2784",
            "caller": "0x07cfc417",
            "parentcaller": "0x07cfb3d2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 984
          },
          {
            "timestamp": "2026-06-28 21:56:14,339",
            "thread_id": "2784",
            "caller": "0x07e7bae5",
            "parentcaller": "0x07e7b81b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e89000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 985
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7e0f2",
            "parentcaller": "0x07e7dff3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 986
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7e0f2",
            "parentcaller": "0x07e7dff3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75153360"
              }
            ],
            "repeated": 0,
            "id": 987
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7e1f0",
            "parentcaller": "0x07e7e0f2",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x90\\x00\\x00\\x00\\x00\\x00\\x00\\x8e\\x8c\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 988
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7dec0",
            "parentcaller": "0x07e78007",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05612000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 989
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7e5a7",
            "parentcaller": "0x07e7e355",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e8a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 990
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7e6cb",
            "parentcaller": "0x07e7e5a7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "ReadFile"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751534c0"
              }
            ],
            "repeated": 0,
            "id": 991
          },
          {
            "timestamp": "2026-06-28 21:56:14,354",
            "thread_id": "2784",
            "caller": "0x07e7e7fa",
            "parentcaller": "0x07e7e6cb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<!--\r\n    Please refer to machine.config.comments for a description and\r\n    the default values of each configuration section.\r\n\r\n    For a full documentation of the schema please refer to\r\n    http://go.microsoft.c"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 992
          },
          {
            "timestamp": "2026-06-28 21:56:14,370",
            "thread_id": "2784",
            "caller": "0x07f70422",
            "parentcaller": "0x07e7f737",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e63000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 993
          },
          {
            "timestamp": "2026-06-28 21:56:14,401",
            "thread_id": "2784",
            "caller": "0x07f74d51",
            "parentcaller": "0x07e7f6e3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 994
          },
          {
            "timestamp": "2026-06-28 21:56:14,401",
            "thread_id": "2784",
            "caller": "0x07f76ee6",
            "parentcaller": "0x07f76c26",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 995
          },
          {
            "timestamp": "2026-06-28 21:56:14,417",
            "thread_id": "2784",
            "caller": "0x07e7e7fa",
            "parentcaller": "0x07e7e6cb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "oup name=\"system.runtime.caching\" type=\"System.Runtime.Caching.Configuration.CachingSectionGroup, System.Runtime.Caching, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\">\r\n            <section name=\"memoryCache\" type=\"System.Runtime.Cach"
              },
              {
                "name": "Length",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 996
          },
          {
            "timestamp": "2026-06-28 21:56:14,417",
            "thread_id": "2784",
            "caller": "0x07f76d91",
            "parentcaller": "0x07f74403",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 997
          },
          {
            "timestamp": "2026-06-28 21:56:14,417",
            "thread_id": "2784",
            "caller": "0x07e7e7fa",
            "parentcaller": "0x07e7e6cb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": ".ClientSection, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n            <section name=\"comContracts\" type=\"System.ServiceModel.Configuration.ComContractsSection, System.ServiceModel, Version=4.0.0.0, Culture=n"
              },
              {
                "name": "Length",
                "value": "16384"
              }
            ],
            "repeated": 0,
            "id": 998
          },
          {
            "timestamp": "2026-06-28 21:56:14,417",
            "thread_id": "2784",
            "caller": "0x07f712f9",
            "parentcaller": "0x07f77271",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05622000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 999
          },
          {
            "timestamp": "2026-06-28 21:56:14,448",
            "thread_id": "2784",
            "caller": "0x07e7e7fa",
            "parentcaller": "0x07e7e6cb",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": false,
            "return": "0xffffffffc0000011",
            "pretty_return": "END_OF_FILE",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000408"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
              },
              {
                "name": "Buffer",
                "value": "\t\tuseMachineProtection=\"true\"\r\n\t\t\t\tkeyEntropy=\"\"  />\r\n        </providers>\r\n    </configProtectedData>\r\n\r\n    <runtime />\r\n\r\n    <connectionStrings>\r\n        <add name=\"LocalSqlServer\" connectionString=\"data source=.\\SQLEXPRESS;Integrated Security=SSPI;Att"
              },
              {
                "name": "Length",
                "value": "11406"
              }
            ],
            "repeated": 0,
            "id": 1000
          },
          {
            "timestamp": "2026-06-28 21:56:14,448",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07e7014b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000408"
              }
            ],
            "repeated": 0,
            "id": 1001
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1002
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1003
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1004
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1005
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1006
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1007
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07e4d41b",
            "parentcaller": "0x07e4d088",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.config"
              }
            ],
            "repeated": 1,
            "id": 1008
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1009
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1010
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07f7d03f",
            "parentcaller": "0x07e46f47",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1011
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1012
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1013
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1014
          },
          {
            "timestamp": "2026-06-28 21:56:14,464",
            "thread_id": "2784",
            "caller": "0x07d4cc47",
            "parentcaller": "0x07d4cb48",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1015
          },
          {
            "timestamp": "2026-06-28 21:56:14,479",
            "thread_id": "2784",
            "caller": "0x07f7e542",
            "parentcaller": "0x07f7e44a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e8e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1016
          },
          {
            "timestamp": "2026-06-28 21:56:14,495",
            "thread_id": "2784",
            "caller": "0x07f30778",
            "parentcaller": "0x07f305c0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1017
          },
          {
            "timestamp": "2026-06-28 21:56:14,495",
            "thread_id": "2784",
            "caller": "0x07f30778",
            "parentcaller": "0x07f305c0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1018
          },
          {
            "timestamp": "2026-06-28 21:56:14,495",
            "thread_id": "2784",
            "caller": "0x07f30778",
            "parentcaller": "0x07f305c0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1019
          },
          {
            "timestamp": "2026-06-28 21:56:14,495",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1020
          },
          {
            "timestamp": "2026-06-28 21:56:14,510",
            "thread_id": "2784",
            "caller": "0x07f32f77",
            "parentcaller": "0x07f31988",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1021
          },
          {
            "timestamp": "2026-06-28 21:56:14,510",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1022
          },
          {
            "timestamp": "2026-06-28 21:56:14,510",
            "thread_id": "2784",
            "caller": "0x07cffb13",
            "parentcaller": "0x07e49a36",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1023
          },
          {
            "timestamp": "2026-06-28 21:56:14,526",
            "thread_id": "2784",
            "caller": "0x07cf9a47",
            "parentcaller": "0x07cf9aab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000046c"
              }
            ],
            "repeated": 0,
            "id": 1024
          },
          {
            "timestamp": "2026-06-28 21:56:14,526",
            "thread_id": "2784",
            "caller": "0x07f35b45",
            "parentcaller": "0x07f35ab5",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1025
          },
          {
            "timestamp": "2026-06-28 21:56:14,526",
            "thread_id": "2784",
            "caller": "0x07f35cfa",
            "parentcaller": "0x07f35b45",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 1026
          },
          {
            "timestamp": "2026-06-28 21:56:14,526",
            "thread_id": "2784",
            "caller": "0x07f35cfa",
            "parentcaller": "0x07f35b45",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LCMapStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75148840"
              }
            ],
            "repeated": 0,
            "id": 1027
          },
          {
            "timestamp": "2026-06-28 21:56:14,542",
            "thread_id": "2784",
            "caller": "0x07f366ba",
            "parentcaller": "0x07d44c48",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d571c0"
              }
            ],
            "repeated": 0,
            "id": 1028
          },
          {
            "timestamp": "2026-06-28 21:56:14,542",
            "thread_id": "2784",
            "caller": "0x07f369c1",
            "parentcaller": "0x07d43bff",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1029
          },
          {
            "timestamp": "2026-06-28 21:56:14,573",
            "thread_id": "2784",
            "caller": "0x07f3a36c",
            "parentcaller": "0x07f3a30a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1030
          },
          {
            "timestamp": "2026-06-28 21:56:14,573",
            "thread_id": "2784",
            "caller": "0x07f3a36c",
            "parentcaller": "0x07f3a30a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150e50"
              }
            ],
            "repeated": 0,
            "id": 1031
          },
          {
            "timestamp": "2026-06-28 21:56:14,573",
            "thread_id": "2784",
            "caller": "0x07f3a5a8",
            "parentcaller": "0x07f3a36c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00f3ebac"
              }
            ],
            "repeated": 0,
            "id": 1032
          },
          {
            "timestamp": "2026-06-28 21:56:14,573",
            "thread_id": "2784",
            "caller": "0x07f3a5a8",
            "parentcaller": "0x07f3a5fc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 1033
          },
          {
            "timestamp": "2026-06-28 21:56:14,573",
            "thread_id": "2784",
            "caller": "0x07f3a60f",
            "parentcaller": "0x07f3a37c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514f550"
              }
            ],
            "repeated": 0,
            "id": 1034
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3b4bf",
            "parentcaller": "0x07f3a703",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "WideCharToMultiByte"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514dff0"
              }
            ],
            "repeated": 0,
            "id": 1035
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3a736",
            "parentcaller": "0x07f3a60f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c2e970"
              }
            ],
            "repeated": 0,
            "id": 1036
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3a621",
            "parentcaller": "0x07f3a37c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1037
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3a621",
            "parentcaller": "0x07f3a37c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LoadLibraryExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514f3a0"
              }
            ],
            "repeated": 0,
            "id": 1038
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\comctl32"
              },
              {
                "name": "DllBase",
                "value": "0x736f0000"
              }
            ],
            "repeated": 0,
            "id": 1039
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "imm32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x760b0000"
              }
            ],
            "repeated": 0,
            "id": 1040
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x736f0000"
              }
            ],
            "repeated": 0,
            "id": 1041
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x736f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1042
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3a457",
            "parentcaller": "0x07f3a30a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1043
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3cb17",
            "parentcaller": "0x07f3c587",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1044
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3a5a8",
            "parentcaller": "0x07f3d089",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 1045
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3a736",
            "parentcaller": "0x07f3d094",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f87d50"
              }
            ],
            "repeated": 0,
            "id": 1046
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3d0ba",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 1047
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3d0ba",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75010000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdi32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1048
          },
          {
            "timestamp": "2026-06-28 21:56:14,589",
            "thread_id": "2784",
            "caller": "0x07f3d0ba",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetStockObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015f70"
              }
            ],
            "repeated": 0,
            "id": 1049
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3d1e2",
            "parentcaller": "0x07f3cb17",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1050
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3d1e2",
            "parentcaller": "0x07f3cb17",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1051
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3d1e2",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1052
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3d1e2",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51a70"
              }
            ],
            "repeated": 0,
            "id": 1053
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e24a",
            "parentcaller": "0x07f3d1e2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x012ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1054
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e24a",
            "parentcaller": "0x07f3d1e2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1055
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e24a",
            "parentcaller": "0x07f3d1e2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866660"
              }
            ],
            "repeated": 0,
            "id": 1056
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e24a",
            "parentcaller": "0x07f3d1e2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1057
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e2dd",
            "parentcaller": "0x07f3d1e2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1058
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e2dd",
            "parentcaller": "0x07f3d1e2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866b20"
              }
            ],
            "repeated": 0,
            "id": 1059
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e2dd",
            "parentcaller": "0x07f3d1e2",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1060
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e555",
            "parentcaller": "0x07f3c70d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1061
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e555",
            "parentcaller": "0x07f3c70d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1062
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e555",
            "parentcaller": "0x07f3c70d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1063
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3e555",
            "parentcaller": "0x07f3c70d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51ac0"
              }
            ],
            "repeated": 0,
            "id": 1064
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3ecf0",
            "parentcaller": "0x07f3ec9e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLong"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1065
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3ecf0",
            "parentcaller": "0x07f3ec9e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57cc0"
              }
            ],
            "repeated": 0,
            "id": 1066
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3f178",
            "parentcaller": "0x07f3eedd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLong"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1067
          },
          {
            "timestamp": "2026-06-28 21:56:14,604",
            "thread_id": "2784",
            "caller": "0x07f3f178",
            "parentcaller": "0x07f3eedd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5adb0"
              }
            ],
            "repeated": 0,
            "id": 1068
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07fa0689",
            "parentcaller": "0x07fa044c",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 1069
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07fa0689",
            "parentcaller": "0x07fa044c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "FindNLSStringEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75149020"
              }
            ],
            "repeated": 0,
            "id": 1070
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07f3fc0f",
            "parentcaller": "0x07f3fba7",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1071
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07e43271",
            "parentcaller": "0x07f3fc3a",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 1072
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07fa0c88",
            "parentcaller": "0x07fa0c19",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1073
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07fa0c88",
            "parentcaller": "0x07fa0c19",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryValueExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7568e1f0"
              }
            ],
            "repeated": 0,
            "id": 1074
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07fa1326",
            "parentcaller": "0x07fa0c88",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "DbgJITDebugLaunchSetting"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting"
              }
            ],
            "repeated": 0,
            "id": 1075
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07fa1326",
            "parentcaller": "0x07fa0c88",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              },
              {
                "name": "ValueName",
                "value": "DbgManagedDebugger"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger"
              }
            ],
            "repeated": 0,
            "id": 1076
          },
          {
            "timestamp": "2026-06-28 21:56:14,620",
            "thread_id": "2784",
            "caller": "0x07e4315a",
            "parentcaller": "0x07b2ab08",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000003f8"
              }
            ],
            "repeated": 0,
            "id": 1077
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa18b8",
            "parentcaller": "0x07f3ef52",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07e5c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1078
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa18b8",
            "parentcaller": "0x07f3ef52",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLong"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1079
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa18b8",
            "parentcaller": "0x07f3ef52",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57cc0"
              }
            ],
            "repeated": 0,
            "id": 1080
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa1cd9",
            "parentcaller": "0x07fa1cb0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07fb1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1081
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa311a",
            "parentcaller": "0x07fa1cd9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CallWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1082
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa311a",
            "parentcaller": "0x07fa1cd9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CallWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57c90"
              }
            ],
            "repeated": 0,
            "id": 1083
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa3336",
            "parentcaller": "0x07fa32c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetClientRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57560"
              }
            ],
            "repeated": 0,
            "id": 1084
          },
          {
            "timestamp": "2026-06-28 21:56:14,635",
            "thread_id": "2784",
            "caller": "0x07fa3355",
            "parentcaller": "0x07fa32c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d572e0"
              }
            ],
            "repeated": 0,
            "id": 1085
          },
          {
            "timestamp": "2026-06-28 21:56:14,651",
            "thread_id": "2784",
            "caller": "0x07fa567c",
            "parentcaller": "0x07f3a0d7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetParent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d59bb0"
              }
            ],
            "repeated": 0,
            "id": 1086
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1087
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1088
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "uxtheme.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73880000"
              }
            ],
            "repeated": 0,
            "id": 1089
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73880000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "uxtheme.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1090
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "IsAppThemed"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738ac880"
              }
            ],
            "repeated": 0,
            "id": 1091
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "IsAppThemedW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1092
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa796f",
            "parentcaller": "0x07fa7884",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 1093
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa76f6",
            "parentcaller": "0x07fa75d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CreateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1094
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa76f6",
            "parentcaller": "0x07fa75d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "CreateActCtxA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75189b90"
              }
            ],
            "repeated": 0,
            "id": 1095
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1096
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000480"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000478"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll"
              }
            ],
            "repeated": 0,
            "id": 1097
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000480"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09660000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x005a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1098
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 1099
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000484"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 1100
          },
          {
            "timestamp": "2026-06-28 21:56:14,682",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1101
          },
          {
            "timestamp": "2026-06-28 21:56:14,698",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2784"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 1102
          },
          {
            "timestamp": "2026-06-28 21:56:14,698",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 1103
          },
          {
            "timestamp": "2026-06-28 21:56:14,698",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000480"
              }
            ],
            "repeated": 0,
            "id": 1104
          },
          {
            "timestamp": "2026-06-28 21:56:14,698",
            "thread_id": "2784",
            "caller": "0x07fa7c3b",
            "parentcaller": "0x07fa76f6",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 1105
          },
          {
            "timestamp": "2026-06-28 21:56:14,698",
            "thread_id": "2784",
            "caller": "0x07fa7d90",
            "parentcaller": "0x07fa7d3d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07fa8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1106
          },
          {
            "timestamp": "2026-06-28 21:56:14,714",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1107
          },
          {
            "timestamp": "2026-06-28 21:56:14,714",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1108
          },
          {
            "timestamp": "2026-06-28 21:56:14,714",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fcf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1109
          },
          {
            "timestamp": "2026-06-28 21:56:14,714",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fcf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 1,
            "id": 1110
          },
          {
            "timestamp": "2026-06-28 21:56:14,714",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fcf8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1111
          },
          {
            "timestamp": "2026-06-28 21:56:14,745",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1112
          },
          {
            "timestamp": "2026-06-28 21:56:14,745",
            "thread_id": "2784",
            "caller": "0x07cf6c91",
            "parentcaller": "0x07cf6b6a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fce0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1113
          },
          {
            "timestamp": "2026-06-28 21:56:14,760",
            "thread_id": "2784",
            "caller": "0x07fab8fc",
            "parentcaller": "0x07fab862",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1114
          },
          {
            "timestamp": "2026-06-28 21:56:14,760",
            "thread_id": "2784",
            "caller": "0x07f30778",
            "parentcaller": "0x07f305c0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1115
          },
          {
            "timestamp": "2026-06-28 21:56:14,776",
            "thread_id": "2784",
            "caller": "0x07facf09",
            "parentcaller": "0x07facd98",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1116
          },
          {
            "timestamp": "2026-06-28 21:56:14,792",
            "thread_id": "2784",
            "caller": "0x07f3725a",
            "parentcaller": "0x07d44df8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x04632000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1117
          },
          {
            "timestamp": "2026-06-28 21:56:14,792",
            "thread_id": "2784",
            "caller": "0x07d44e33",
            "parentcaller": "0x07fadb8d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07fbd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1118
          },
          {
            "timestamp": "2026-06-28 21:56:14,807",
            "thread_id": "2784",
            "caller": "0x07faf577",
            "parentcaller": "0x07d44e47",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "AdjustWindowRectEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d50100"
              }
            ],
            "repeated": 0,
            "id": 1119
          },
          {
            "timestamp": "2026-06-28 21:56:14,823",
            "thread_id": "2784",
            "caller": "0x07fad94d",
            "parentcaller": "0x07cf6c91",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ff5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1120
          },
          {
            "timestamp": "2026-06-28 21:56:14,839",
            "thread_id": "2784",
            "caller": "0x07fe6e67",
            "parentcaller": "0x07fe697c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ea9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1121
          },
          {
            "timestamp": "2026-06-28 21:56:14,839",
            "thread_id": "2784",
            "caller": "0x07fe8258",
            "parentcaller": "0x07fe81cf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "EventRegister"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f2e0f0"
              }
            ],
            "repeated": 0,
            "id": 1122
          },
          {
            "timestamp": "2026-06-28 21:56:14,854",
            "thread_id": "2784",
            "caller": "0x07fe7239",
            "parentcaller": "0x07fe6f5c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ADVAPI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75670000"
              },
              {
                "name": "FunctionName",
                "value": "EventSetInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f30ab0"
              }
            ],
            "repeated": 0,
            "id": 1123
          },
          {
            "timestamp": "2026-06-28 21:56:14,854",
            "thread_id": "2784",
            "caller": "0x07fe8b93",
            "parentcaller": "0x07fe1a39",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07f8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1124
          },
          {
            "timestamp": "2026-06-28 21:56:14,885",
            "thread_id": "2784",
            "caller": "0x07feee81",
            "parentcaller": "0x07feed1e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07eaf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1125
          },
          {
            "timestamp": "2026-06-28 21:56:14,901",
            "thread_id": "2784",
            "caller": "0x07fef8cb",
            "parentcaller": "0x07fef7a6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08010000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1126
          },
          {
            "timestamp": "2026-06-28 21:56:14,901",
            "thread_id": "2784",
            "caller": "0x07fef8cb",
            "parentcaller": "0x07fef7a6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08010000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1127
          },
          {
            "timestamp": "2026-06-28 21:56:14,917",
            "thread_id": "2784",
            "caller": "0x08031174",
            "parentcaller": "0x0803105f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05642000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1128
          },
          {
            "timestamp": "2026-06-28 21:56:14,917",
            "thread_id": "2784",
            "caller": "0x08031260",
            "parentcaller": "0x080311dd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08011000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1129
          },
          {
            "timestamp": "2026-06-28 21:56:14,917",
            "thread_id": "2784",
            "caller": "0x08032ead",
            "parentcaller": "0x08030fae",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08012000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1130
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x07d4ff93",
            "parentcaller": "0x07fefed5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x754f0000"
              }
            ],
            "repeated": 0,
            "id": 1131
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x07d4ff93",
            "parentcaller": "0x07fefed5",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x754f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ole32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1132
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x07d4ff93",
            "parentcaller": "0x07fefed5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "OleInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75513a30"
              }
            ],
            "repeated": 0,
            "id": 1133
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034537",
            "parentcaller": "0x07d4ff93",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 1134
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034537",
            "parentcaller": "0x07d4ff93",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1135
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034537",
            "parentcaller": "0x07d4ff93",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 1136
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034537",
            "parentcaller": "0x07d4ff93",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetInterface"
              },
              {
                "name": "Atom",
                "value": "0x0000c020"
              }
            ],
            "repeated": 0,
            "id": 1137
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034537",
            "parentcaller": "0x07d4ff93",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleDropTargetMarshalHwnd"
              },
              {
                "name": "Atom",
                "value": "0x0000c021"
              }
            ],
            "repeated": 0,
            "id": 1138
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034d3c",
            "parentcaller": "0x07fe8bb1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1139
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034d3c",
            "parentcaller": "0x07fe8bb1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "IIDFromString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758983e0"
              }
            ],
            "repeated": 0,
            "id": 1140
          },
          {
            "timestamp": "2026-06-28 21:56:14,932",
            "thread_id": "2784",
            "caller": "0x08034d3c",
            "parentcaller": "0x07fe8bb1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1141
          },
          {
            "timestamp": "2026-06-28 21:56:14,948",
            "thread_id": "2784",
            "caller": "0x0803787d",
            "parentcaller": "0x0803759d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08041000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1142
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3a5a8",
            "parentcaller": "0x07f3a5fc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 1143
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3a736",
            "parentcaller": "0x07f3a60f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c2e970"
              }
            ],
            "repeated": 0,
            "id": 1144
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\USP10"
              },
              {
                "name": "DllBase",
                "value": "0x73650000"
              }
            ],
            "repeated": 0,
            "id": 1145
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msls31"
              },
              {
                "name": "DllBase",
                "value": "0x73610000"
              }
            ],
            "repeated": 0,
            "id": 1146
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\RichEd20"
              },
              {
                "name": "DllBase",
                "value": "0x73670000"
              }
            ],
            "repeated": 0,
            "id": 1147
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "RichEd20.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x73670000"
              }
            ],
            "repeated": 0,
            "id": 1148
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07f3b6bc",
            "parentcaller": "0x07f3a621",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x73670000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "RichEd20.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 1149
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08037df9",
            "parentcaller": "0x0803562d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1150
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08037df9",
            "parentcaller": "0x0803562d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleFileNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150900"
              }
            ],
            "repeated": 0,
            "id": 1151
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08037f07",
            "parentcaller": "0x08037df9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866660"
              }
            ],
            "repeated": 0,
            "id": 1152
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08037fea",
            "parentcaller": "0x08037df9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866b20"
              }
            ],
            "repeated": 0,
            "id": 1153
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x07e7256b",
            "parentcaller": "0x07e72407",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\riched20.dll"
              }
            ],
            "repeated": 0,
            "id": 1154
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08038259",
            "parentcaller": "0x08035660",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "version.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x741f0000"
              }
            ],
            "repeated": 0,
            "id": 1155
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08038259",
            "parentcaller": "0x08035660",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x741f0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "version.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1156
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08038259",
            "parentcaller": "0x08035660",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1157
          },
          {
            "timestamp": "2026-06-28 21:56:14,964",
            "thread_id": "2784",
            "caller": "0x08038259",
            "parentcaller": "0x08035660",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f15c0"
              }
            ],
            "repeated": 0,
            "id": 1158
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x0803843f",
            "parentcaller": "0x08038259",
            "category": "filesystem",
            "api": "GetFileVersionInfoSizeW",
            "status": true,
            "return": "0x0000072c",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\System32\\riched20.dll"
              }
            ],
            "repeated": 0,
            "id": 1159
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x080382db",
            "parentcaller": "0x08035660",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1160
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x080382db",
            "parentcaller": "0x08035660",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "GetFileVersionInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f15e0"
              }
            ],
            "repeated": 0,
            "id": 1161
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x08038538",
            "parentcaller": "0x080382db",
            "category": "filesystem",
            "api": "GetFileVersionInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "PathName",
                "value": "C:\\Windows\\System32\\riched20.dll"
              }
            ],
            "repeated": 0,
            "id": 1162
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x080385ac",
            "parentcaller": "0x080382ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1163
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x080385ac",
            "parentcaller": "0x080382ec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "VerQueryValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x741f1560"
              }
            ],
            "repeated": 0,
            "id": 1164
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x08039d86",
            "parentcaller": "0x08039087",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "VerLanguageName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1165
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x08039d86",
            "parentcaller": "0x08039087",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "VERSION.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x741f0000"
              },
              {
                "name": "FunctionName",
                "value": "VerLanguageNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75165cb0"
              }
            ],
            "repeated": 0,
            "id": 1166
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\winnlsres.dll"
              }
            ],
            "repeated": 0,
            "id": 1167
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winnlsres.dll"
              }
            ],
            "repeated": 0,
            "id": 1168
          },
          {
            "timestamp": "2026-06-28 21:56:14,979",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\winnlsres.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1169
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000484"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\winnlsres.dll"
              }
            ],
            "repeated": 0,
            "id": 1170
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000478"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08050000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1171
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1172
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000478"
              }
            ],
            "repeated": 0,
            "id": 1173
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys"
              }
            ],
            "repeated": 0,
            "id": 1174
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 1175
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\winnlsres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1176
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000478"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\winnlsres.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1177
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000478"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\winnlsres.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 1178
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000484"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08060000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d3a0"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1179
          },
          {
            "timestamp": "2026-06-28 21:56:14,995",
            "thread_id": "2784",
            "caller": "0x08039ece",
            "parentcaller": "0x08039d86",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000484"
              }
            ],
            "repeated": 0,
            "id": 1180
          },
          {
            "timestamp": "2026-06-28 21:56:15,010",
            "thread_id": "2784",
            "caller": "0x0803bcd5",
            "parentcaller": "0x0803b7ff",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemDefaultLCID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75147cb0"
              }
            ],
            "repeated": 0,
            "id": 1181
          },
          {
            "timestamp": "2026-06-28 21:56:15,010",
            "thread_id": "2784",
            "caller": "0x0803bcd5",
            "parentcaller": "0x0803b7ff",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemDefaultLCIDW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1182
          },
          {
            "timestamp": "2026-06-28 21:56:15,010",
            "thread_id": "2784",
            "caller": "0x0803bd39",
            "parentcaller": "0x0803b7ff",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetStockObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015f70"
              }
            ],
            "repeated": 0,
            "id": 1183
          },
          {
            "timestamp": "2026-06-28 21:56:15,010",
            "thread_id": "2784",
            "caller": "0x0803c750",
            "parentcaller": "0x0803c59e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1184
          },
          {
            "timestamp": "2026-06-28 21:56:15,010",
            "thread_id": "2784",
            "caller": "0x0803c750",
            "parentcaller": "0x0803c59e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetObjectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016d70"
              }
            ],
            "repeated": 0,
            "id": 1185
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803c959",
            "parentcaller": "0x0803c5c0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d612b0"
              }
            ],
            "repeated": 0,
            "id": 1186
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803faad",
            "parentcaller": "0x0803fa56",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\\gdiplus"
              },
              {
                "name": "DllBase",
                "value": "0x734a0000"
              }
            ],
            "repeated": 0,
            "id": 1187
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803faad",
            "parentcaller": "0x0803fa56",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x734a0000"
              }
            ],
            "repeated": 0,
            "id": 1188
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803faad",
            "parentcaller": "0x0803fa56",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x734a0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "gdiplus.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1189
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803faad",
            "parentcaller": "0x0803fa56",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdiplusStartup"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73516b00"
              }
            ],
            "repeated": 0,
            "id": 1190
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x091a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1191
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x091a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x001f0000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 1192
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09390000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1193
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1194
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 1,
            "id": 1195
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1196
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1197
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 1198
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57730"
              }
            ],
            "repeated": 0,
            "id": 1199
          },
          {
            "timestamp": "2026-06-28 21:56:15,026",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetAncestor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63d60"
              }
            ],
            "repeated": 0,
            "id": 1200
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d46a80"
              }
            ],
            "repeated": 0,
            "id": 1201
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayMonitors"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63d00"
              }
            ],
            "repeated": 0,
            "id": 1202
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayDevicesA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4be40"
              }
            ],
            "repeated": 0,
            "id": 1203
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1204
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1205
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09391000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1206
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "78"
              }
            ],
            "repeated": 0,
            "id": 1207
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "79"
              }
            ],
            "repeated": 0,
            "id": 1208
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1209
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1210
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 1211
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "ExtTextOutW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75013b70"
              }
            ],
            "repeated": 0,
            "id": 1212
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GdiIsMetaPrintDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501a800"
              }
            ],
            "repeated": 0,
            "id": 1213
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\\GdiPlus.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x734a0000"
              }
            ],
            "repeated": 0,
            "id": 1214
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000494"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x73518580"
              },
              {
                "name": "Parameter",
                "value": "0x09391298"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "2124"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "gdiplus.dll"
              }
            ],
            "repeated": 0,
            "id": 1215
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803fc2d",
            "parentcaller": "0x0803faad",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000494",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x73518580"
              },
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "Parameter",
                "value": "0x09391298"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2124"
              }
            ],
            "repeated": 0,
            "id": 1216
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2124",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1217
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2124",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1218
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803f777",
            "parentcaller": "0x0803c5cd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateFontFromLogfontW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73503140"
              }
            ],
            "repeated": 0,
            "id": 1219
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2124",
            "caller": "0x76f392db",
            "parentcaller": "0x76f39742",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\SystemResources\\gdiplus.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 1,
            "id": 1220
          },
          {
            "timestamp": "2026-06-28 21:56:15,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\DWrite.dll"
              }
            ],
            "repeated": 0,
            "id": 1221
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\DWrite.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1222
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\DWrite.dll"
              }
            ],
            "repeated": 0,
            "id": 1223
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x73290000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00210000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1224
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7344d000"
              },
              {
                "name": "ModuleName",
                "value": "DWrite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1225
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1226
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1227
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7344b000"
              },
              {
                "name": "ModuleName",
                "value": "DWrite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1228
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 1229
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 1230
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7344b000"
              },
              {
                "name": "ModuleName",
                "value": "DWrite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1231
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x87\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00I\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1232
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1233
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1234
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1235
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\DWrite.dll"
              }
            ],
            "repeated": 0,
            "id": 1236
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\DWrite.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1237
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a4"
              }
            ],
            "repeated": 0,
            "id": 1238
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\DWrite"
              },
              {
                "name": "DllBase",
                "value": "0x73290000"
              }
            ],
            "repeated": 0,
            "id": 1239
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1240
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\DirectWrite"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectWrite"
              }
            ],
            "repeated": 0,
            "id": 1241
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\DWrite"
              },
              {
                "name": "BaseAddress",
                "value": "0x73290000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7334a670"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1242
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735ec000"
              },
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1243
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 1244
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x735ec000"
              },
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1245
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x768e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000d3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1246
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1247
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09660000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1248
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1249
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1250
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1251
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a3000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1252
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1253
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4f089",
            "parentcaller": "0x76f52308",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 1254
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 1255
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SYSTEM\\CurrentControlSet\\Services\\FontCache\\Parameters"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FontCache\\Parameters"
              }
            ],
            "repeated": 0,
            "id": 1256
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x745d9691",
            "parentcaller": "0x745d8a62",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\MSCTF.dll"
              }
            ],
            "repeated": 0,
            "id": 1257
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004a8"
              },
              {
                "name": "ValueName",
                "value": "ClientCacheSize"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4194304"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\FontCache\\Parameters\\ClientCacheSize"
              }
            ],
            "repeated": 0,
            "id": 1258
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004a8"
              }
            ],
            "repeated": 0,
            "id": 1259
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1260
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x745d96d0",
            "parentcaller": "0x745d8a62",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msctf.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 1261
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b0"
              }
            ],
            "repeated": 0,
            "id": 1262
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\MSCTF"
              },
              {
                "name": "DllBase",
                "value": "0x768e0000"
              }
            ],
            "repeated": 0,
            "id": 1263
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4dd42",
            "parentcaller": "0x76f51843",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\msctf"
              },
              {
                "name": "BaseAddress",
                "value": "0x768e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7692dfc0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1264
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1265
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1266
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f561ea",
            "parentcaller": "0x75baaf3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1267
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f56211",
            "parentcaller": "0x75baaf3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1268
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1269
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1270
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1271
          },
          {
            "timestamp": "2026-06-28 21:56:15,057",
            "thread_id": "2124",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1272
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2124",
            "caller": "0x75b92644",
            "parentcaller": "0x7351896c",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1273
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2124",
            "caller": "0x75b8fe16",
            "parentcaller": "0x73518986",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "26"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 1274
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2124",
            "caller": "0x75b9106a",
            "parentcaller": "0x73518999",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1275
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 1276
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "WerRegisterMemoryBlock"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751491a0"
              }
            ],
            "repeated": 0,
            "id": 1277
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1278
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 1279
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 1280
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 1281
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 1282
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 1283
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1284
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 1285
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 1286
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1287
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts"
              }
            ],
            "repeated": 0,
            "id": 1288
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb7^}\\xfff5v\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1289
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1290
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb7^}\\xfff5v\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1291
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 1292
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1293
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 1294
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 1295
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts"
              }
            ],
            "repeated": 0,
            "id": 1296
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "KeyInformation",
                "value": "\\x0e\\x11\\xff96\\x05F\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x01\\x00\\x00Z\\x01\\x00\\x00\\xff88\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 1297
          },
          {
            "timestamp": "2026-06-28 21:56:15,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1298
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1299
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1300
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1301
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1302
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1303
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1304
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1305
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1306
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1307
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1308
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1309
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1310
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1311
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01214000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1312
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1313
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1314
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1315
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1316
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01215000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1317
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01217000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1318
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 1319
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 1320
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1321
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1322
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1323
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1324
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01219000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1325
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1326
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1327
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1328
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1329
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1330
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1331
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1332
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1333
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1334
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1335
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1336
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1337
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1338
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1339
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1340
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1341
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1342
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1343
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1344
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1345
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1346
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1347
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1348
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1349
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09672000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1350
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1351
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1352
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1353
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1354
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1355
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1356
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1357
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1358
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1359
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1360
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1361
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1362
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1363
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1364
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1365
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1366
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1367
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1368
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1369
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09673000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1370
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1371
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1372
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1373
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1374
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1375
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1376
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "68"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1377
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "69"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1378
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "70"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1379
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "71"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1380
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "72"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1381
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "73"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1382
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "74"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1383
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "75"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1384
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "76"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1385
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "77"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1386
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "78"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1387
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "79"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1388
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "80"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1389
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "81"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1390
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "82"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1391
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "83"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1392
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "84"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1393
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "85"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1394
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "86"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1395
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "87"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1396
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "88"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1397
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "89"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1398
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "90"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1399
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09678000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1400
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "91"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1401
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "92"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1402
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "93"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1403
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "94"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1404
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "95"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1405
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "96"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1406
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "97"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1407
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "98"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1408
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "99"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1409
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "100"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1410
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "101"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1411
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "102"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1412
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "103"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1413
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "104"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1414
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "105"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1415
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "106"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1416
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "107"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1417
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "108"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1418
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "109"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1419
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "110"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1420
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "111"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1421
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "112"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1422
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "113"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1423
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "114"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1424
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "115"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1425
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "116"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1426
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "117"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1427
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "118"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1428
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "119"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1429
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1430
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "120"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1431
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "121"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1432
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "122"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1433
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "123"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1434
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "124"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1435
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "125"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1436
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "126"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1437
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "127"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1438
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "128"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1439
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "129"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1440
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "130"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1441
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "131"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1442
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "132"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1443
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "133"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1444
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "134"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1445
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "135"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1446
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "136"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1447
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "137"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1448
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "138"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1449
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "139"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1450
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "140"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1451
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "141"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1452
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1453
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "142"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1454
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "143"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1455
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "144"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1456
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "145"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1457
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "146"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1458
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "147"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1459
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "148"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1460
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09684000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1461
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "149"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1462
          },
          {
            "timestamp": "2026-06-28 21:56:15,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "150"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1463
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "151"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1464
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "152"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1465
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "153"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1466
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "154"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1467
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "155"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1468
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "156"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1469
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "157"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1470
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "158"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1471
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "159"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1472
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "160"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1473
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "161"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1474
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "162"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1475
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "163"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1476
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "164"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1477
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "165"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1478
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "166"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1479
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "167"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1480
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "168"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1481
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "169"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1482
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "170"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1483
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "171"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1484
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "172"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1485
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "173"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1486
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "174"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1487
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "175"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1488
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "176"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1489
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "177"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1490
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1491
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "178"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1492
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "179"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1493
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "180"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1494
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "181"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1495
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "182"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1496
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "183"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1497
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "184"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1498
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "185"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1499
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "186"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1500
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "187"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1501
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "188"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1502
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "189"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1503
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "190"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1504
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "191"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1505
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "192"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1506
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "193"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1507
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "194"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1508
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "195"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1509
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "196"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1510
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "197"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1511
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "198"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1512
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "199"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1513
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "200"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1514
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "201"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1515
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "202"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1516
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "203"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1517
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "204"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1518
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "205"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1519
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "206"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1520
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1521
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "207"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1522
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "208"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1523
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "209"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1524
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "210"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1525
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "211"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1526
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "212"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1527
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "213"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1528
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "214"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1529
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "215"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1530
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "216"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1531
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "217"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1532
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "218"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1533
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "219"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1534
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "220"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1535
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "221"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1536
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "222"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1537
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "223"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1538
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "224"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1539
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "225"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1540
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "226"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1541
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "227"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1542
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "228"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1543
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "229"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1544
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "230"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1545
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "231"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1546
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "232"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1547
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "233"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1548
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "234"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1549
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "235"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1550
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1551
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "236"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1552
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "237"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1553
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "238"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1554
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "239"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1555
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "240"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1556
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "241"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1557
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "242"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1558
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "243"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1559
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "244"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1560
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "245"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1561
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "246"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1562
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "247"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1563
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "248"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1564
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "249"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1565
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "250"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1566
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "251"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1567
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "252"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1568
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "253"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1569
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "254"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1570
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "255"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1571
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "256"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1572
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "257"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1573
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "258"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1574
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "259"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1575
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "260"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1576
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "261"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1577
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "262"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1578
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "263"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1579
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "264"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1580
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09698000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1581
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "265"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1582
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "266"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1583
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "267"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1584
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "268"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1585
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "269"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1586
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "270"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1587
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "271"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1588
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "272"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1589
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "273"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1590
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "274"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1591
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "275"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1592
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "276"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1593
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "277"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1594
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "278"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1595
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "279"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1596
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "280"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1597
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "281"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1598
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "282"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1599
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "283"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1600
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "284"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1601
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "285"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1602
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "286"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1603
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "287"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1604
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "288"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1605
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "289"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1606
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "290"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1607
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "291"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1608
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "292"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1609
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "293"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1610
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "294"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1611
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "295"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1612
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "296"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1613
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "297"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1614
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "298"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1615
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "299"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1616
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "300"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1617
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "301"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1618
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "302"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1619
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "303"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1620
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "304"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1621
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "305"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1622
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "306"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1623
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "307"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1624
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "308"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1625
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "309"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1626
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "310"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1627
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "311"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1628
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "312"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1629
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "313"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1630
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "314"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1631
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "315"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1632
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "316"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1633
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1634
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "317"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1635
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "318"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1636
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "319"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1637
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "320"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1638
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "321"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1639
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "322"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1640
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "323"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1641
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 1642
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "324"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1643
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "325"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1644
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "326"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1645
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "327"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1646
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "328"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1647
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "329"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1648
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "330"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1649
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "331"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1650
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "332"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1651
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "333"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1652
          },
          {
            "timestamp": "2026-06-28 21:56:15,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "334"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1653
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "335"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1654
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "336"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1655
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "337"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1656
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "338"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1657
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "339"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1658
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "340"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1659
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "341"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1660
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "342"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1661
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "343"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1662
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004bc"
              },
              {
                "name": "Index",
                "value": "344"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 1663
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1664
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe241365d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1665
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1666
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe241365d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1667
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1668
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe241365d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1669
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1670
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe241365d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1671
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1672
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe241365d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1673
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1674
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe241365d"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1675
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1676
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe243dffb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1677
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1678
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe243dffb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1679
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1680
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe243dffb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1681
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1682
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe243dffb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1683
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1684
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe243dffb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1685
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1686
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIBRILI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1687
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1688
          },
          {
            "timestamp": "2026-06-28 21:56:15,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1689
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1690
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8f83d33"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1691
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1692
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8f83d33"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1693
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1694
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8f83d33"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1695
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1696
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8f83d33"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1697
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1698
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8fa9848"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1699
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1700
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8fa9848"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1701
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1702
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8fa9848"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1703
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1704
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8fa9848"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1705
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1706
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CANDARALI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1707
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1708
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1709
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1710
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1711
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1712
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1713
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1714
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1715
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1716
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1717
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1718
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1719
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1720
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1721
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1722
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1723
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1724
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1725
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1726
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1727
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1728
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1729
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1730
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1731
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1732
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9174837"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1733
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1734
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1735
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1736
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1737
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1738
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1739
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1740
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1741
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1742
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1743
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1744
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1745
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1746
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1747
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1748
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1749
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1750
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1751
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1752
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1753
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1754
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe245ead6"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1755
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1756
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1757
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1758
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1759
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1760
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1761
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1762
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe248c353"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1763
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1764
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1765
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1766
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe248c353"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1767
          },
          {
            "timestamp": "2026-06-28 21:56:15,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 0,
            "id": 1768
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe248c353"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1769
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1770
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe248c353"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1771
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1772
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe248c353"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1773
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1774
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1775
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1776
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x1c07501e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d7bab9"
              }
            ],
            "repeated": 0,
            "id": 1777
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1778
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31a2052"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1779
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1780
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31a2052"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1781
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1782
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31a2052"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1783
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1784
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31a2052"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1785
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1786
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xf0054199"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1787
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1788
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1789
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1790
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31a2052"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1791
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1792
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ace51ff"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1793
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1794
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ad0d302"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1795
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1796
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31c8433"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1797
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1798
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31c8433"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1799
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1800
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ac4c87c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1801
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1802
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ac2b69a"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1803
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1804
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1805
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1806
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1807
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1808
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1809
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1810
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1811
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1812
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1813
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1814
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32acfdd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1815
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1816
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1817
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1818
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe31efb18"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1819
          },
          {
            "timestamp": "2026-06-28 21:56:15,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1820
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ac00262"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1821
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1822
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0abd9c8e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1823
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1824
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1825
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1826
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8eed35f"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1827
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1828
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\modern.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9f9c621"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1829
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1830
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1831
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1832
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1833
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1834
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1835
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1836
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1837
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1838
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1839
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1840
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1841
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1842
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1843
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1844
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1845
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1846
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1847
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1848
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1849
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1850
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1851
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1852
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1853
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1854
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\roman.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9f9c621"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1855
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1856
          },
          {
            "timestamp": "2026-06-28 21:56:15,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\script.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9f9c621"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1857
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1858
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3286f10"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1859
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1860
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1861
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1862
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1863
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1864
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1865
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1866
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1867
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1868
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3286f10"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1869
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1870
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3273a59"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1871
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1872
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1873
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1874
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1875
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 1876
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1877
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1878
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3286f10"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1879
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1880
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3286f10"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1881
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1882
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1883
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1884
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe323b170"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1885
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1886
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1887
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1888
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3273a59"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1889
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1890
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1891
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1892
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SEGOEUISL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3273a59"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1893
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1894
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1895
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1896
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3273a59"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1897
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1898
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe3286f10"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1899
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1900
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe8f5f3e8"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1901
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1902
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1903
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1904
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe91e607e"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1905
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1906
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1907
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1908
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1909
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1910
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1911
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1912
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1913
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1914
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1915
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1916
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1917
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1918
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32acfdd"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1919
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1920
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1921
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1922
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1923
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1924
          },
          {
            "timestamp": "2026-06-28 21:56:15,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1925
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1926
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1927
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1928
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1929
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1930
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1931
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1932
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1933
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1934
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1935
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1936
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1937
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1938
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1939
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1940
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1941
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1942
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1943
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1944
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32d5079"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1945
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1946
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0acbedf9"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1947
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1948
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ace51ff"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1949
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1950
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe32f98a5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1951
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1952
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0ac99b6c"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acde"
              }
            ],
            "repeated": 0,
            "id": 1953
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1954
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\coure.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1955
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1956
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courf.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9212e24"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1957
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1958
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\serife.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe927e672"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1959
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1960
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seriff.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe927e672"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1961
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1962
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sserife.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe92583fb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1963
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1964
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sseriff.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe92583fb"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1965
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1966
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\smalle.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe92cac3a"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1967
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1968
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\smallf.fon"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe92cac3a"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 1969
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1970
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\PROGRAM FILES\\COMMON FILES\\MICROSOFT SHARED\\EQUATION\\MTEXTRA.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1971
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1972
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1973
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1974
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1975
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1976
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319b30",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1977
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1978
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1979
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1980
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1981
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1982
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1983
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1984
          },
          {
            "timestamp": "2026-06-28 21:56:15,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1985
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1986
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1987
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1988
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1989
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1990
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1991
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1992
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1993
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1994
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1995
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1996
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1997
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 1998
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 1999
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2000
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2001
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2002
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2003
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2004
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2005
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2006
          },
          {
            "timestamp": "2026-06-28 21:56:15,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2007
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2008
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2009
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2010
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2011
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2012
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2013
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2014
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2015
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2016
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2017
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2018
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2019
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2020
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2021
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2022
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2023
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2024
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2025
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2026
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2027
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2028
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2029
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2030
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2031
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2032
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2033
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2034
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2035
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2036
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2037
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2038
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2039
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2040
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2041
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2042
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2043
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2044
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2045
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2046
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0d02fa00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab3"
              }
            ],
            "repeated": 0,
            "id": 2047
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2048
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2049
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2050
          },
          {
            "timestamp": "2026-06-28 21:56:15,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2051
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2052
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2053
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2054
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2055
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2056
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2057
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2058
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2059
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2060
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2061
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2062
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2063
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2064
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2065
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2066
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2067
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2068
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2069
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2070
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2071
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2072
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2073
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2074
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2075
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2076
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0d02fa00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab3"
              }
            ],
            "repeated": 0,
            "id": 2077
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2078
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319b30",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2079
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2080
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0d02fa00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab3"
              }
            ],
            "repeated": 0,
            "id": 2081
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2082
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2083
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2084
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0d02fa00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab3"
              }
            ],
            "repeated": 0,
            "id": 2085
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2086
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x0d02fa00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab3"
              }
            ],
            "repeated": 0,
            "id": 2087
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2088
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2089
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2090
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2091
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2092
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2093
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2094
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2095
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2096
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2097
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2098
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2099
          },
          {
            "timestamp": "2026-06-28 21:56:15,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2100
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2101
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2102
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2103
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2104
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2105
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2106
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2107
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2108
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2109
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2110
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2111
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2112
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2113
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2114
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2115
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2116
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2117
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2118
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2119
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2120
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2121
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2122
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2123
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2124
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2125
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2126
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2127
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2128
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2129
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2130
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2131
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2132
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2133
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2134
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2135
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2136
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2137
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2138
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2139
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2140
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2141
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2142
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2143
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2144
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2145
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2146
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2147
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2148
          },
          {
            "timestamp": "2026-06-28 21:56:15,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013199b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2149
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2150
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2151
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2152
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2153
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2154
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2155
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2156
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2157
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2158
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319b30",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2159
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2160
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2161
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2162
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2163
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2164
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2165
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2166
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2167
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2168
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2169
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2170
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2171
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2172
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2173
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2174
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2175
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2176
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2177
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2178
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2179
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2180
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2181
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2182
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2183
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2184
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2185
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2186
          },
          {
            "timestamp": "2026-06-28 21:56:15,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2187
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2188
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2189
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2190
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2191
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2192
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2193
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2194
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2195
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2196
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2197
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2198
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2199
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2200
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2201
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2202
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2203
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2204
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2205
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2206
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2207
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2208
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2209
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2210
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2211
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2212
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2213
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2214
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2215
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2216
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2217
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2218
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2219
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2220
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2221
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2222
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2223
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2224
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2225
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2226
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2227
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2228
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2229
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2230
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2231
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2232
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2233
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2234
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2235
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2236
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2237
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2238
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2239
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2240
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2241
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2242
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2243
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2244
          },
          {
            "timestamp": "2026-06-28 21:56:15,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2245
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2246
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2247
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2248
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2249
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2250
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2251
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2252
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2253
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2254
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2255
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2256
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2257
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2258
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2259
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2260
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2261
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2262
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2263
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2264
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319670",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2265
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2266
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2267
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2268
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x661e5e00"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2269
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2270
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2271
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2272
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2273
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2274
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2275
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2276
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2277
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2278
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2279
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2280
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2281
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2282
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2283
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2284
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2285
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2286
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2287
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2288
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2289
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2290
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2291
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2292
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2293
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2294
          },
          {
            "timestamp": "2026-06-28 21:56:15,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2295
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2296
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2297
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2298
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2299
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2300
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2301
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2302
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2303
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2304
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2305
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2306
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2307
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2308
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2309
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2310
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2311
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2312
          },
          {
            "timestamp": "2026-06-28 21:56:15,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2313
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2314
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319630",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x64ed3100"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2315
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2316
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2317
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2318
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319af0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2319
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2320
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319730",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2321
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2322
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2323
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2324
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2325
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2326
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2327
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2328
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2329
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2330
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319b30",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2331
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2332
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013196b0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2333
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2334
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2335
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2336
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2337
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2338
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x013195f0",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2339
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2340
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2341
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2342
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2343
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2344
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319970",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2345
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2346
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319570",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2347
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2348
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2349
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2350
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319930",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0x63bc0400"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d0cab2"
              }
            ],
            "repeated": 0,
            "id": 2351
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2352
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": true,
            "return": "0x01319530",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              },
              {
                "name": "FirstCreateTimeLow",
                "value": "0xe9199ba5"
              },
              {
                "name": "FirstCreateTimeHigh",
                "value": "0x01d5acdd"
              }
            ],
            "repeated": 0,
            "id": 2353
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2354
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2355
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2356
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09673000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2357
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09678000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2358
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2359
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2360
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09692000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2361
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2362
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2363
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2364
          },
          {
            "timestamp": "2026-06-28 21:56:15,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2365
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2366
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2367
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2368
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2369
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2370
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              }
            ],
            "repeated": 0,
            "id": 2371
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000fe000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2372
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00400000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2373
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 2374
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09860000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2375
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2376
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 2377
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Avalon.Graphics"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics"
              }
            ],
            "repeated": 0,
            "id": 2378
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096af000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2379
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2380
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2381
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ca-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES"
              }
            ],
            "repeated": 0,
            "id": 2382
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2383
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2384
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ca-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES"
              }
            ],
            "repeated": 0,
            "id": 2385
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2386
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2387
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "cs-CZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ"
              }
            ],
            "repeated": 0,
            "id": 2388
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2389
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2390
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "cs-CZ"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ"
              }
            ],
            "repeated": 0,
            "id": 2391
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2392
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2393
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "da-DK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK"
              }
            ],
            "repeated": 0,
            "id": 2394
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2395
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2396
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "da-DK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK"
              }
            ],
            "repeated": 0,
            "id": 2397
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2398
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2399
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "de-DE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE"
              }
            ],
            "repeated": 0,
            "id": 2400
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2401
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2402
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "de-DE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE"
              }
            ],
            "repeated": 0,
            "id": 2403
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2404
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2405
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "el-GR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR"
              }
            ],
            "repeated": 0,
            "id": 2406
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2407
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2408
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "el-GR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR"
              }
            ],
            "repeated": 0,
            "id": 2409
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2410
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2411
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "es-ES_tradnl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES_tradnl"
              }
            ],
            "repeated": 0,
            "id": 2412
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2413
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2414
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "es-ES_tradnl"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES_tradnl"
              }
            ],
            "repeated": 0,
            "id": 2415
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2416
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2417
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "fi-FI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fi-FI"
              }
            ],
            "repeated": 0,
            "id": 2418
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2419
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2420
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "fi-FI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fi-FI"
              }
            ],
            "repeated": 0,
            "id": 2421
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2422
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2423
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "fr-FR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-FR"
              }
            ],
            "repeated": 0,
            "id": 2424
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2425
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2426
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "fr-FR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-FR"
              }
            ],
            "repeated": 0,
            "id": 2427
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2428
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2429
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "hu-HU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\hu-HU"
              }
            ],
            "repeated": 0,
            "id": 2430
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2431
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2432
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "hu-HU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\hu-HU"
              }
            ],
            "repeated": 0,
            "id": 2433
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2434
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2435
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "it-IT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\it-IT"
              }
            ],
            "repeated": 0,
            "id": 2436
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2437
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2438
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "it-IT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\it-IT"
              }
            ],
            "repeated": 0,
            "id": 2439
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2440
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2441
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "nl-NL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nl-NL"
              }
            ],
            "repeated": 0,
            "id": 2442
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2443
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2444
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "nl-NL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nl-NL"
              }
            ],
            "repeated": 0,
            "id": 2445
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2446
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2447
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "nb-NO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nb-NO"
              }
            ],
            "repeated": 0,
            "id": 2448
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2449
          },
          {
            "timestamp": "2026-06-28 21:56:15,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2450
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "nb-NO"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nb-NO"
              }
            ],
            "repeated": 0,
            "id": 2451
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2452
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2453
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "pl-PL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pl-PL"
              }
            ],
            "repeated": 0,
            "id": 2454
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2455
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2456
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "pl-PL"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pl-PL"
              }
            ],
            "repeated": 0,
            "id": 2457
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2458
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2459
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "pt-BR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-BR"
              }
            ],
            "repeated": 0,
            "id": 2460
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2461
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2462
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "pt-BR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-BR"
              }
            ],
            "repeated": 0,
            "id": 2463
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2464
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2465
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2466
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2467
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2468
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "ru-RU"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU"
              }
            ],
            "repeated": 0,
            "id": 2469
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2470
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2471
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "sk-SK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sk-SK"
              }
            ],
            "repeated": 0,
            "id": 2472
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2473
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2474
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "sk-SK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sk-SK"
              }
            ],
            "repeated": 0,
            "id": 2475
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2476
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2477
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "sv-SE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sv-SE"
              }
            ],
            "repeated": 0,
            "id": 2478
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2479
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2480
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "sv-SE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sv-SE"
              }
            ],
            "repeated": 0,
            "id": 2481
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2482
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2483
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "tr-TR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\tr-TR"
              }
            ],
            "repeated": 0,
            "id": 2484
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2485
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2486
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "tr-TR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\tr-TR"
              }
            ],
            "repeated": 0,
            "id": 2487
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2488
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2489
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "sl-SI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sl-SI"
              }
            ],
            "repeated": 0,
            "id": 2490
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2491
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2492
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "sl-SI"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sl-SI"
              }
            ],
            "repeated": 0,
            "id": 2493
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2494
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2495
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "vi-VN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\vi-VN"
              }
            ],
            "repeated": 0,
            "id": 2496
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2497
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2498
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "vi-VN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\vi-VN"
              }
            ],
            "repeated": 0,
            "id": 2499
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2500
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2501
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "eu-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\eu-ES"
              }
            ],
            "repeated": 0,
            "id": 2502
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2503
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2504
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "eu-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\eu-ES"
              }
            ],
            "repeated": 0,
            "id": 2505
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2506
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2507
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "es-MX"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-MX"
              }
            ],
            "repeated": 0,
            "id": 2508
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2509
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2510
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "es-MX"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-MX"
              }
            ],
            "repeated": 0,
            "id": 2511
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2512
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2513
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "pt-PT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-PT"
              }
            ],
            "repeated": 0,
            "id": 2514
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2515
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2516
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "pt-PT"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-PT"
              }
            ],
            "repeated": 0,
            "id": 2517
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2518
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2519
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "es-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES"
              }
            ],
            "repeated": 0,
            "id": 2520
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2521
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2522
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "es-ES"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES"
              }
            ],
            "repeated": 0,
            "id": 2523
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2524
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 2525
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "fr-CA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-CA"
              }
            ],
            "repeated": 0,
            "id": 2526
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2527
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 2528
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "fr-CA"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-CA"
              }
            ],
            "repeated": 0,
            "id": 2529
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2530
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 2531
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 2532
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 2533
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 2534
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 2535
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 2536
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 2537
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2538
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 2539
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2540
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2541
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 2542
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004bc"
              }
            ],
            "repeated": 1,
            "id": 2543
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09692000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2544
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2545
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09883000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2546
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2547
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2548
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2549
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2550
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2551
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2552
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2553
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2554
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              }
            ],
            "repeated": 0,
            "id": 2555
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2556
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2557
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09673000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2558
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2559
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09884000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2560
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2561
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2562
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2563
          },
          {
            "timestamp": "2026-06-28 21:56:15,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2564
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2565
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2566
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2567
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2568
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 2569
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2570
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2571
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2572
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2573
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09886000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2574
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2575
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2576
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2577
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2578
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2579
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2580
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2581
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2582
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2583
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2584
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2585
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2586
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 2587
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000b1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2588
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2589
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2590
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2591
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2592
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09888000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2593
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2594
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2595
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2596
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2597
          },
          {
            "timestamp": "2026-06-28 21:56:15,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2598
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2599
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2600
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2601
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              }
            ],
            "repeated": 0,
            "id": 2602
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000b0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2603
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2604
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2605
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2606
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0988a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2607
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2608
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2609
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2610
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2611
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2612
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2613
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2614
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2615
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 2616
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2617
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2618
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2619
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2620
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2621
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2622
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2623
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2624
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2625
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2626
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2627
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2628
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2629
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2630
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0988c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2631
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2632
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2633
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2634
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2635
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2636
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0988d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2637
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2638
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2639
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0988e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2640
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2641
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2642
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0988f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2643
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2644
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2645
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09890000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2646
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2647
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09678000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2648
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2649
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09678000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2650
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09678000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2651
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2652
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2653
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2654
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09891000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2655
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2656
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2657
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09892000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2658
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2659
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2660
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09893000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2661
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2662
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2663
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09894000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2664
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2665
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2666
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09895000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2667
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2668
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2669
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2670
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2671
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09896000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2672
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2673
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2674
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09897000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2675
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2676
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2677
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2678
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2679
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2680
          },
          {
            "timestamp": "2026-06-28 21:56:15,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2681
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2682
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2683
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              }
            ],
            "repeated": 0,
            "id": 2684
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00193000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2685
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2686
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2687
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09898000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2688
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00193000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2689
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2690
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2691
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2692
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2693
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2694
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2695
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2696
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              }
            ],
            "repeated": 0,
            "id": 2697
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0018a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2698
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2699
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2700
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0989a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2701
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2702
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2703
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0018a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2704
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2705
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2706
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2707
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2708
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2709
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2710
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2711
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              }
            ],
            "repeated": 0,
            "id": 2712
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0011b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2713
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2714
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2715
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2716
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2717
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0989c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2718
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2719
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2720
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0011b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2721
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2722
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2723
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2724
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2725
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2726
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2727
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2728
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              }
            ],
            "repeated": 0,
            "id": 2729
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00125000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2730
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2731
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2732
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2733
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2734
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0989d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2735
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2736
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2737
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00125000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2738
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2739
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2740
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2741
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2742
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2743
          },
          {
            "timestamp": "2026-06-28 21:56:15,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2744
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2745
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              }
            ],
            "repeated": 0,
            "id": 2746
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00160000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2747
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2748
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2749
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2750
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2751
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0989f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2752
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2753
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2754
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00160000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2755
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2756
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2757
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2758
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2759
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIBRILI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2760
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibrili.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2761
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2762
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrili.ttf"
              }
            ],
            "repeated": 0,
            "id": 2763
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00104000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2764
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2765
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2766
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2767
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2768
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2769
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2770
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2771
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00104000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2772
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2773
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2774
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2775
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2776
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2777
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2778
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2779
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              }
            ],
            "repeated": 0,
            "id": 2780
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x001b6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2781
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2782
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2783
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2784
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2785
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2786
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2787
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2788
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001b6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2789
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2790
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2791
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2792
          },
          {
            "timestamp": "2026-06-28 21:56:15,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2793
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2794
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2795
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2796
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              }
            ],
            "repeated": 0,
            "id": 2797
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000ce000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2798
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2799
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2800
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2801
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2802
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ce000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2803
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2804
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2805
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2806
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2807
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2808
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2809
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2810
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 2811
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000d2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2812
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2813
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2814
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2815
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2816
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2817
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2818
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2819
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2820
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2821
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2822
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2823
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              }
            ],
            "repeated": 0,
            "id": 2824
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000da000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2825
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2826
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2827
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2828
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000da000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2829
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2830
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2831
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2832
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2833
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2834
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2835
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2836
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              }
            ],
            "repeated": 0,
            "id": 2837
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2838
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2839
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2840
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2841
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2842
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2843
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2844
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2845
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2846
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2847
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2848
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2849
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              }
            ],
            "repeated": 0,
            "id": 2850
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2851
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2852
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2853
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2854
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2855
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2856
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2857
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2858
          },
          {
            "timestamp": "2026-06-28 21:56:15,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2859
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2860
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2861
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2862
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              }
            ],
            "repeated": 0,
            "id": 2863
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2864
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2865
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2866
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2867
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2868
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2869
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2870
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2871
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2872
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2873
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2874
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2875
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              }
            ],
            "repeated": 0,
            "id": 2876
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2877
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2878
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2879
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2880
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2881
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 2882
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2883
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2884
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2885
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2886
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2887
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2888
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              }
            ],
            "repeated": 0,
            "id": 2889
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2890
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2891
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2892
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2893
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2894
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2895
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2896
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2897
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2898
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CANDARALI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2899
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candarali.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2900
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2901
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarali.ttf"
              }
            ],
            "repeated": 0,
            "id": 2902
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2903
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2904
          },
          {
            "timestamp": "2026-06-28 21:56:15,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2905
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2906
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2907
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2908
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2909
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2910
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2911
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2912
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2913
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2914
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              }
            ],
            "repeated": 0,
            "id": 2915
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2916
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2917
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2918
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2919
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2920
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2921
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2922
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2923
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2924
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2925
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2926
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2927
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 2928
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2929
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2930
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2931
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2932
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2933
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2934
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2935
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2936
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2937
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2938
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2939
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2940
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              }
            ],
            "repeated": 0,
            "id": 2941
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00037000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2942
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2943
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2944
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2945
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2946
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2947
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2948
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2949
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2950
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2951
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2952
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2953
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2954
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              }
            ],
            "repeated": 0,
            "id": 2955
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2956
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2957
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2958
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2959
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2960
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2961
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2962
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2963
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2964
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2965
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2966
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2967
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2968
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2969
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2970
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2971
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              }
            ],
            "repeated": 0,
            "id": 2972
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00071000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2973
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2974
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2975
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096be000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2976
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2977
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2978
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00071000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2979
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2980
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2981
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2982
          },
          {
            "timestamp": "2026-06-28 21:56:15,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2983
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2984
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 2985
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2986
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              }
            ],
            "repeated": 0,
            "id": 2987
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00062000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2988
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2989
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2990
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 2991
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 2992
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2993
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096be000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 2994
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00062000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 2995
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 2996
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 2997
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 2998
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 2999
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3000
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3001
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3002
          },
          {
            "timestamp": "2026-06-28 21:56:15,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 3003
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00064000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3004
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3005
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3006
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3007
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3008
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3009
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3010
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3011
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00064000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3012
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3013
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3014
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3015
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3016
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3017
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3018
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3019
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              }
            ],
            "repeated": 0,
            "id": 3020
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00073000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3021
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3022
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3023
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3024
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00073000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3025
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3026
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3027
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3028
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3029
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3030
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3031
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3032
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              }
            ],
            "repeated": 0,
            "id": 3033
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0006e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3034
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3035
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3036
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3037
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3038
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3039
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3040
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3041
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3042
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3043
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3044
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3045
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3046
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3047
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              }
            ],
            "repeated": 0,
            "id": 3048
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0006f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3049
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3050
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3051
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3052
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3053
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3054
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3055
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3056
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3057
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3058
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3059
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3060
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3061
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3062
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              }
            ],
            "repeated": 0,
            "id": 3063
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00070000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3064
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3065
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3066
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3067
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3068
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3069
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3070
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3071
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00070000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3072
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3073
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3074
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3075
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3076
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3077
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3078
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3079
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              }
            ],
            "repeated": 0,
            "id": 3080
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0006e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3081
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3082
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3083
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3084
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3085
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3086
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3087
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3088
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3089
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3090
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3091
          },
          {
            "timestamp": "2026-06-28 21:56:15,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3092
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3093
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3094
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3095
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              }
            ],
            "repeated": 0,
            "id": 3096
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00044000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3097
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3098
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3099
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3100
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3101
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3102
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3103
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3104
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3105
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3106
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3107
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3108
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3109
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3110
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              }
            ],
            "repeated": 0,
            "id": 3111
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00048000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3112
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3113
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3114
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3115
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3116
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3117
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3118
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3119
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3120
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3121
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3122
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3123
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3124
          },
          {
            "timestamp": "2026-06-28 21:56:15,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3125
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              }
            ],
            "repeated": 0,
            "id": 3126
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00048000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3127
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3128
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3129
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3130
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3131
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3132
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3133
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3134
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3135
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3136
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3137
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3138
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3139
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3140
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              }
            ],
            "repeated": 0,
            "id": 3141
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00046000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3142
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3143
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3144
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3145
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3146
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3147
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00046000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3148
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3149
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3150
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3151
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3152
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3153
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3154
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3155
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              }
            ],
            "repeated": 0,
            "id": 3156
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3157
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3158
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3159
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3160
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3161
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3162
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3163
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3164
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3165
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3166
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3167
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3168
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3169
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3170
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              }
            ],
            "repeated": 0,
            "id": 3171
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3172
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3173
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3174
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3175
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3176
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3177
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3178
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3179
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3180
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3181
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3182
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3183
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3184
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3185
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              }
            ],
            "repeated": 0,
            "id": 3186
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000c5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3187
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3188
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3189
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3190
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3191
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3192
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3193
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000c5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3194
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3195
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3196
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3197
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3198
          },
          {
            "timestamp": "2026-06-28 21:56:15,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3199
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3200
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3201
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 3202
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000c5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3203
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3204
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3205
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3206
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3207
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3208
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3209
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000c5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3210
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3211
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3212
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3213
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3214
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3215
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3216
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3217
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 3218
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0008d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3219
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3220
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3221
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3222
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3223
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3224
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3225
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3226
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3227
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3228
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3229
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3230
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3231
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3232
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3233
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3234
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              }
            ],
            "repeated": 0,
            "id": 3235
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000a3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3236
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3237
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3238
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3239
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3240
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3241
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3242
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3243
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a3000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3244
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3245
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3246
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3247
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3248
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3249
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3250
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3251
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              }
            ],
            "repeated": 0,
            "id": 3252
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000de000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3253
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3254
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3255
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3256
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3257
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3258
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3259
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3260
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3261
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3262
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3263
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3264
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3265
          },
          {
            "timestamp": "2026-06-28 21:56:15,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3266
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3267
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3268
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              }
            ],
            "repeated": 0,
            "id": 3269
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3270
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3271
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3272
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3273
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3274
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3275
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3276
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3277
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3278
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3279
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3280
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3281
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3282
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3283
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3284
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3285
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              }
            ],
            "repeated": 0,
            "id": 3286
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3287
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3288
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3289
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3290
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3291
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3292
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3293
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3294
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3295
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3296
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3297
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3298
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3299
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3300
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3301
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3302
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              }
            ],
            "repeated": 0,
            "id": 3303
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3304
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3305
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3306
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3307
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3308
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3309
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3310
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3311
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3312
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3313
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3314
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3315
          },
          {
            "timestamp": "2026-06-28 21:56:15,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3316
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3317
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3318
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3319
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              }
            ],
            "repeated": 0,
            "id": 3320
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x001b9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3321
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3322
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3323
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3324
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3325
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3326
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001b9000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3327
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3328
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3329
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3330
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3331
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3332
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3333
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3334
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              }
            ],
            "repeated": 0,
            "id": 3335
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3336
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3337
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3338
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3339
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3340
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3341
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3342
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3343
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3344
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3345
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3346
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3347
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3348
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3349
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3350
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3351
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              }
            ],
            "repeated": 0,
            "id": 3352
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3353
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3354
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3355
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3356
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3357
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3358
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3359
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3360
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3361
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3362
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3363
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3364
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3365
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3366
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              }
            ],
            "repeated": 0,
            "id": 3367
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3368
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3369
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3370
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3371
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3372
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3373
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3374
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3375
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3376
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3377
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3378
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3379
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3380
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3381
          },
          {
            "timestamp": "2026-06-28 21:56:15,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3382
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              }
            ],
            "repeated": 0,
            "id": 3383
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3384
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3385
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3386
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3387
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3388
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3389
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3390
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3391
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3392
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3393
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3394
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3395
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3396
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3397
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3398
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3399
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 3400
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00034000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3401
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3402
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3403
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3404
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3405
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3406
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3407
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00034000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3408
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3409
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3410
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3411
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3412
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3413
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3414
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3415
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              }
            ],
            "repeated": 0,
            "id": 3416
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3417
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3418
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3419
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3420
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3421
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3422
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3423
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3424
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3425
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3426
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3427
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3428
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3429
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3430
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3431
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3432
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              }
            ],
            "repeated": 0,
            "id": 3433
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3434
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3435
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3436
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3437
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3438
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3439
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3440
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3441
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3442
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3443
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3444
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3445
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3446
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3447
          },
          {
            "timestamp": "2026-06-28 21:56:15,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3448
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              }
            ],
            "repeated": 0,
            "id": 3449
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3450
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3451
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3452
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3453
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3454
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3455
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3456
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3457
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3458
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3459
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3460
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3461
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3462
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3463
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3464
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              }
            ],
            "repeated": 0,
            "id": 3465
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0004b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3466
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3467
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3468
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3469
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3470
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3471
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3472
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3473
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3474
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3475
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3476
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3477
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3478
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3479
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3480
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              }
            ],
            "repeated": 0,
            "id": 3481
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00061000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3482
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3483
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3484
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3485
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00061000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3486
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3487
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3488
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3489
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3490
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3491
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3492
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3493
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              }
            ],
            "repeated": 0,
            "id": 3494
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00050000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3495
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3496
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3497
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3498
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3499
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3500
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3501
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3502
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3503
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3504
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3505
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3506
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3507
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3508
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3509
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3510
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              }
            ],
            "repeated": 0,
            "id": 3511
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3512
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3513
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3514
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3515
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3516
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3517
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3518
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3519
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3520
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3521
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3522
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3523
          },
          {
            "timestamp": "2026-06-28 21:56:15,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3524
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3525
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3526
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3527
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              }
            ],
            "repeated": 0,
            "id": 3528
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3529
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3530
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3531
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3532
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3533
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3534
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3535
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3536
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3537
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3538
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3539
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3540
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3541
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3542
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3543
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3544
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3545
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              }
            ],
            "repeated": 0,
            "id": 3546
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0004c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3547
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3548
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3549
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3550
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3551
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3552
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3553
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3554
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3555
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3556
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3557
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3558
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3559
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3560
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              }
            ],
            "repeated": 0,
            "id": 3561
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00cd6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3562
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3563
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3564
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3565
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 3566
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ko-KR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ko-KR"
              }
            ],
            "repeated": 0,
            "id": 3567
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3568
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 3569
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ValueName",
                "value": "ko-KR"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ko-KR"
              }
            ],
            "repeated": 0,
            "id": 3570
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 3571
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3572
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3573
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3574
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00cd6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3575
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3576
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3577
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3578
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3579
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3580
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3581
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3582
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 3583
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00c04000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3584
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3585
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3586
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3587
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3588
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3589
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3590
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3591
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00c04000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3592
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3593
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3594
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3595
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3596
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3597
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3598
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3599
          },
          {
            "timestamp": "2026-06-28 21:56:15,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              }
            ],
            "repeated": 0,
            "id": 3600
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x004da000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3601
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3602
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3603
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3604
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3605
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3606
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3607
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x004da000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3608
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3609
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3610
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3611
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3612
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3613
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3614
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3615
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              }
            ],
            "repeated": 0,
            "id": 3616
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0008c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3617
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3618
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3619
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3620
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3621
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3622
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3623
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3624
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3625
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3626
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3627
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3628
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3629
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3630
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              }
            ],
            "repeated": 0,
            "id": 3631
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0146a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3632
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3633
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3634
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3635
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 3636
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "zh-TW"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-TW"
              }
            ],
            "repeated": 0,
            "id": 3637
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3638
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 3639
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "zh-TW"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-TW"
              }
            ],
            "repeated": 0,
            "id": 3640
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3641
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 3642
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "zh-HK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-HK"
              }
            ],
            "repeated": 0,
            "id": 3643
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3644
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 3645
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ValueName",
                "value": "zh-HK"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-HK"
              }
            ],
            "repeated": 0,
            "id": 3646
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3647
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3648
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3649
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3650
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3651
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3652
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3653
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3654
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0146a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3655
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3656
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3657
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3658
          },
          {
            "timestamp": "2026-06-28 21:56:15,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3659
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3660
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3661
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3662
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              }
            ],
            "repeated": 0,
            "id": 3663
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00dc6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3664
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3665
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3666
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3667
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3668
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3669
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3670
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3671
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3672
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3673
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3674
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3675
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3676
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3677
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3678
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3679
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3680
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dc6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3681
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3682
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3683
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3684
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3685
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3686
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3687
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3688
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              }
            ],
            "repeated": 0,
            "id": 3689
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00c48000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3690
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3691
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3692
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3693
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3694
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3695
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3696
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3697
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3698
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3699
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3700
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3701
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00c48000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3702
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3703
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3704
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3705
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3706
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3707
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3708
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3709
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              }
            ],
            "repeated": 0,
            "id": 3710
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3711
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3712
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3713
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3714
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3715
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3716
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3717
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3718
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3719
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3720
          },
          {
            "timestamp": "2026-06-28 21:56:15,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3721
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3722
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3723
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              }
            ],
            "repeated": 0,
            "id": 3724
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3725
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3726
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3727
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3728
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3729
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3730
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3731
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3732
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3733
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3734
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3735
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3736
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3737
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3738
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              }
            ],
            "repeated": 0,
            "id": 3739
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3740
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3741
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3742
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3743
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3744
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098e9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3745
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3746
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3747
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3748
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3749
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3750
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3751
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3752
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3753
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              }
            ],
            "repeated": 0,
            "id": 3754
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3755
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3756
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3757
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3758
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3759
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3760
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3761
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3762
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3763
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3764
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3765
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3766
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3767
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3768
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3769
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3770
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              }
            ],
            "repeated": 0,
            "id": 3771
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000d6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3772
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3773
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3774
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3775
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3776
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3777
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3778
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3779
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3780
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3781
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3782
          },
          {
            "timestamp": "2026-06-28 21:56:15,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3783
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3784
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3785
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3786
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              }
            ],
            "repeated": 0,
            "id": 3787
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3788
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3789
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3790
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3791
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3792
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3793
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3794
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3795
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3796
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3797
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3798
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3799
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3800
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3801
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3802
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              }
            ],
            "repeated": 0,
            "id": 3803
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3804
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3805
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3806
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3807
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3808
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3809
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3810
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3811
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 3812
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3813
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3814
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3815
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3816
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3817
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3818
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              }
            ],
            "repeated": 0,
            "id": 3819
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x012bd000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3820
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3821
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3822
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3823
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3824
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3825
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 3826
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "zh-CN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-CN"
              }
            ],
            "repeated": 0,
            "id": 3827
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3828
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 3829
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ValueName",
                "value": "zh-CN"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-CN"
              }
            ],
            "repeated": 0,
            "id": 3830
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 3831
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3832
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3833
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3834
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3835
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3836
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3837
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3838
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3839
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3840
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3841
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x012bd000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3842
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3843
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3844
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3845
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3846
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3847
          },
          {
            "timestamp": "2026-06-28 21:56:15,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3848
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3849
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              }
            ],
            "repeated": 0,
            "id": 3850
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0100d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3851
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3852
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3853
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0970f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3854
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3855
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0970f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3856
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3857
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3858
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3859
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3860
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3861
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3862
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3863
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3864
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3865
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3866
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3867
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3868
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3869
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3870
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3871
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3872
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3873
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3874
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              }
            ],
            "repeated": 0,
            "id": 3875
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00b94000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3876
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3877
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3878
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3879
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3880
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3881
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3882
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3883
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3884
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3885
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3886
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3887
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3888
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3889
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3890
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00b94000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3891
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3892
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3893
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3894
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3895
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3896
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3897
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3898
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              }
            ],
            "repeated": 0,
            "id": 3899
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0004a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3900
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3901
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3902
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3903
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3904
          },
          {
            "timestamp": "2026-06-28 21:56:15,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3905
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3906
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3907
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3908
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3909
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3910
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3911
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3912
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3913
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3914
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              }
            ],
            "repeated": 0,
            "id": 3915
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x02316000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3916
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3917
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3918
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3919
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3920
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3921
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3922
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3923
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3924
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3925
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3926
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3927
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3928
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3929
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3930
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3931
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3932
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3933
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3934
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3935
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3936
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3937
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x02316000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3938
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3939
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3940
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3941
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3942
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\modern.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3943
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\modern.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3944
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3945
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\modern.fon"
              }
            ],
            "repeated": 0,
            "id": 3946
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3947
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3948
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3949
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3950
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3951
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3952
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3953
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3954
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3955
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              }
            ],
            "repeated": 0,
            "id": 3956
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00047000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3957
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3958
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3959
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3960
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3961
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00047000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 3962
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 3963
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 3964
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3965
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3966
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3967
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 3968
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 3969
          },
          {
            "timestamp": "2026-06-28 21:56:15,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              }
            ],
            "repeated": 0,
            "id": 3970
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00893000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3971
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3972
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3973
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3974
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3975
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3976
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 3977
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "ja-JP"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ja-JP"
              }
            ],
            "repeated": 0,
            "id": 3978
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3979
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 3980
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "ja-JP"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ja-JP"
              }
            ],
            "repeated": 0,
            "id": 3981
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 3982
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3983
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3984
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3985
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3986
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3987
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3988
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3989
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3990
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x098ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3991
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3992
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 3993
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3994
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3995
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 3996
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 3997
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09901000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3998
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 3999
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00893000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4000
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4001
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4002
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4003
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4004
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4005
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4006
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4007
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              }
            ],
            "repeated": 0,
            "id": 4008
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4009
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4010
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4011
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4012
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4013
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4014
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09903000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4015
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4016
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4017
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4018
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4019
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4020
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4021
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4022
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4023
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              }
            ],
            "repeated": 0,
            "id": 4024
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00057000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4025
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4026
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4027
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4028
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4029
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4030
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4031
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4032
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4033
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4034
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4035
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4036
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              }
            ],
            "repeated": 0,
            "id": 4037
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00052000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4038
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4039
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4040
          },
          {
            "timestamp": "2026-06-28 21:56:15,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4041
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4042
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09904000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4043
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00052000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4044
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4045
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4046
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4047
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4048
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4049
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4050
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4051
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              }
            ],
            "repeated": 0,
            "id": 4052
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00173000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4053
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4054
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4055
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4056
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4057
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4058
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09905000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4059
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00173000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4060
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4061
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4062
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4063
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4064
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4065
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4066
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4067
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              }
            ],
            "repeated": 0,
            "id": 4068
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00168000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4069
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4070
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4071
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4072
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4073
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4074
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4075
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09906000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4076
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00168000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4077
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4078
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4079
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4080
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4081
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4082
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4083
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4084
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              }
            ],
            "repeated": 0,
            "id": 4085
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0017c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4086
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4087
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4088
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4089
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4090
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4091
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09908000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4092
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0017c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4093
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4094
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4095
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4096
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4097
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4098
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4099
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4100
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              }
            ],
            "repeated": 0,
            "id": 4101
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00074000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4102
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4103
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4104
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4105
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4106
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09909000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4107
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00074000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4108
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4109
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4110
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4111
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4112
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4113
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4114
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4115
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              }
            ],
            "repeated": 0,
            "id": 4116
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00067000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4117
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4118
          },
          {
            "timestamp": "2026-06-28 21:56:15,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4119
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4120
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4121
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4122
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0990a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4123
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00067000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4124
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4125
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4126
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4127
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4128
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4129
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4130
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4131
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              }
            ],
            "repeated": 0,
            "id": 4132
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00052000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4133
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4134
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4135
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4136
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4137
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4138
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0990c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4139
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00052000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4140
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4141
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4142
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4143
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4144
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4145
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4146
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4147
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              }
            ],
            "repeated": 0,
            "id": 4148
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00066000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4149
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4150
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4151
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4152
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4153
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4154
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4155
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0990e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4156
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00066000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4157
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4158
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4159
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4160
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4161
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\roman.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4162
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\roman.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4163
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4164
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\roman.fon"
              }
            ],
            "repeated": 0,
            "id": 4165
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00004000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4166
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4167
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4168
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4169
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4170
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4171
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\script.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4172
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\script.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4173
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4174
          },
          {
            "timestamp": "2026-06-28 21:56:15,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\script.fon"
              }
            ],
            "repeated": 0,
            "id": 4175
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00003000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4176
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4177
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4178
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4179
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4180
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4181
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4182
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4183
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4184
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              }
            ],
            "repeated": 0,
            "id": 4185
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00040000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4186
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4187
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4188
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4189
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4190
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4191
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4192
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4193
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4194
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4195
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4196
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4197
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4198
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4199
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              }
            ],
            "repeated": 0,
            "id": 4200
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4201
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4202
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4203
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4204
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4205
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4206
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09910000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4207
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4208
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4209
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4210
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4211
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4212
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4213
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4214
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4215
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              }
            ],
            "repeated": 0,
            "id": 4216
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4217
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4218
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4219
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4220
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4221
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09911000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4222
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4223
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4224
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4225
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4226
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4227
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4228
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4229
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4230
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              }
            ],
            "repeated": 0,
            "id": 4231
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00092000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4232
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4233
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4234
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4235
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4236
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4237
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09912000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4238
          },
          {
            "timestamp": "2026-06-28 21:56:15,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09717000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4239
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00092000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4240
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4241
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4242
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4243
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4244
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4245
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4246
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4247
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              }
            ],
            "repeated": 0,
            "id": 4248
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0008e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4249
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4250
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09731000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4251
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4252
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4253
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4254
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4255
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4256
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4257
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4258
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4259
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4260
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4261
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4262
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              }
            ],
            "repeated": 0,
            "id": 4263
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000ea000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4264
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4265
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4266
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4267
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4268
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4269
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09913000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4270
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ea000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4271
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4272
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4273
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4274
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4275
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4276
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4277
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4278
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              }
            ],
            "repeated": 0,
            "id": 4279
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00050000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4280
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4281
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4282
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4283
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4284
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4285
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09915000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4286
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4287
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4288
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4289
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4290
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4291
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4292
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4293
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4294
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              }
            ],
            "repeated": 0,
            "id": 4295
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00057000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4296
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4297
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4298
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4299
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4300
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4301
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4302
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4303
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4304
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4305
          },
          {
            "timestamp": "2026-06-28 21:56:15,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4306
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4307
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              }
            ],
            "repeated": 0,
            "id": 4308
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4309
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4310
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4311
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4312
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4313
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4314
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09916000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4315
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e9000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4316
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4317
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4318
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4319
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4320
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4321
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4322
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4323
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              }
            ],
            "repeated": 0,
            "id": 4324
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00085000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4325
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4326
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4327
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4328
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4329
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4330
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09918000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4331
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00085000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4332
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4333
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4334
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4335
          },
          {
            "timestamp": "2026-06-28 21:56:15,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4336
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4337
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4338
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4339
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              }
            ],
            "repeated": 0,
            "id": 4340
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x001fa000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4341
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4342
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4343
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4344
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4345
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0991a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4346
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001fa000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4347
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 4348
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4349
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4350
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4351
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4352
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4353
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4354
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              }
            ],
            "repeated": 0,
            "id": 4355
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00156000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4356
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4357
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4358
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4359
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4360
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4361
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0991b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4362
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00156000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4363
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4364
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4365
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4366
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4367
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4368
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4369
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4370
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              }
            ],
            "repeated": 0,
            "id": 4371
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4372
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4373
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4374
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4375
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4376
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4377
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4378
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4379
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4380
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4381
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4382
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0991c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4383
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00082000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4384
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4385
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4386
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4387
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4388
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4389
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4390
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4391
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              }
            ],
            "repeated": 0,
            "id": 4392
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4393
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4394
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4395
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4396
          },
          {
            "timestamp": "2026-06-28 21:56:15,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4397
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4398
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4399
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4400
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4401
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4402
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4403
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0991d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4404
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4405
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4406
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4407
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4408
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4409
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4410
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4411
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4412
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              }
            ],
            "repeated": 0,
            "id": 4413
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00071000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4414
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4415
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4416
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4417
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4418
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4419
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4420
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0991f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4421
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00071000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4422
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4423
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4424
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4425
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4426
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4427
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4428
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4429
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              }
            ],
            "repeated": 0,
            "id": 4430
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000ee000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4431
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4432
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4433
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4434
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4435
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4436
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09920000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4437
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ee000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4438
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4439
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4440
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4441
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4442
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4443
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4444
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4445
          },
          {
            "timestamp": "2026-06-28 21:56:15,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 4446
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00070000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4447
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4448
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4449
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4450
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4451
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4452
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09921000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4453
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00070000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4454
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4455
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4456
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4457
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4458
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SEGOEUISL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4459
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuisl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4460
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4461
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuisl.ttf"
              }
            ],
            "repeated": 0,
            "id": 4462
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000d1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4463
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4464
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4465
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4466
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4467
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4468
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09922000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4469
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4470
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4471
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4472
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4473
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4474
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4475
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4476
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4477
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              }
            ],
            "repeated": 0,
            "id": 4478
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00073000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4479
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4480
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4481
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4482
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4483
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00073000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4484
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 4485
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4486
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4487
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4488
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4489
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4490
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4491
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              }
            ],
            "repeated": 0,
            "id": 4492
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00258000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4493
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4494
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4495
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4496
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4497
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4498
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09924000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4499
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00258000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4500
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4501
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4502
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4503
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4504
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4505
          },
          {
            "timestamp": "2026-06-28 21:56:15,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4506
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4507
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              }
            ],
            "repeated": 0,
            "id": 4508
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0115f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4509
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4510
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4511
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4512
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 4513
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "zh-SG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-SG"
              }
            ],
            "repeated": 0,
            "id": 4514
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4515
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 4516
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ValueName",
                "value": "zh-SG"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-SG"
              }
            ],
            "repeated": 0,
            "id": 4517
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4518
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4519
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09925000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4520
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4521
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4522
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4523
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4524
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4525
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4526
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09926000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4527
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0115f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4528
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4529
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4530
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4531
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4532
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4533
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4534
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4535
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              }
            ],
            "repeated": 0,
            "id": 4536
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x01047000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4537
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4538
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4539
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4540
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4541
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4542
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4543
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4544
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09927000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4545
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x01047000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4546
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4547
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4548
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4549
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4550
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4551
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4552
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4553
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 4554
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4555
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4556
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4557
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4558
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4559
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4560
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4561
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4562
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09929000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4563
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4564
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4565
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4566
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4567
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4568
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4569
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0992a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4570
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4571
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4572
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4573
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4574
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4575
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4576
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0992b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4577
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4578
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4579
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4580
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4581
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4582
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4583
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0992d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4584
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4585
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4586
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4587
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4588
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4589
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4590
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0992e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4591
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4592
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4593
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4594
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4595
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4596
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4597
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09930000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4598
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4599
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4600
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4601
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4602
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4603
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4604
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4605
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4606
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 4607
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4608
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4609
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4610
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4611
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4612
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4613
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4614
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09931000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4615
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4616
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4617
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4618
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4619
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4620
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4621
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09933000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4622
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4623
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4624
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4625
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4626
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4627
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4628
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09934000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4629
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4630
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4631
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4632
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4633
          },
          {
            "timestamp": "2026-06-28 21:56:15,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4634
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4635
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09936000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4636
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4637
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4638
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4639
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4640
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4641
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4642
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09937000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4643
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4644
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4645
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4646
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4647
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4648
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4649
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09939000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4650
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4651
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4652
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4653
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4654
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4655
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4656
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4657
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4658
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 4659
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4660
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4661
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4662
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4663
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4664
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0993a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4665
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4666
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4667
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4668
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4669
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0993b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4670
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4671
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4672
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4673
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4674
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0993d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4675
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4676
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4677
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4678
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4679
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0993e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4680
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4681
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4682
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4683
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4684
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09940000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4685
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4686
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4687
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4688
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4689
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09941000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4690
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4691
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4692
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4693
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4694
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4695
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4696
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4697
          },
          {
            "timestamp": "2026-06-28 21:56:15,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4698
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 4699
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4700
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4701
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4702
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4703
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4704
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09943000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4705
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4706
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4707
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4708
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4709
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4710
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09944000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4711
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4712
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4713
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4714
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4715
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4716
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4717
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09946000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4718
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4719
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4720
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4721
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4722
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4723
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4724
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09947000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4725
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4726
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4727
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4728
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4729
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4730
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4731
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09949000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4732
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4733
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4734
          },
          {
            "timestamp": "2026-06-28 21:56:16,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4735
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4736
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4737
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4738
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0994a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4739
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4740
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 4741
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4742
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4743
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4744
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4745
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4746
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4747
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              }
            ],
            "repeated": 0,
            "id": 4748
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4749
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4750
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4751
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4752
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4753
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4754
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0994c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4755
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4756
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4757
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4758
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4759
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4760
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4761
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4762
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4763
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              }
            ],
            "repeated": 0,
            "id": 4764
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4765
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4766
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4767
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4768
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4769
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0994d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4770
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4771
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4772
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4773
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4774
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4775
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4776
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4777
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4778
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              }
            ],
            "repeated": 0,
            "id": 4779
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4780
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4781
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4782
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4783
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4784
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0970b000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4785
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4786
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4787
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4788
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0994e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4789
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4790
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4791
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4792
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4793
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4794
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4795
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4796
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4797
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              }
            ],
            "repeated": 0,
            "id": 4798
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000d4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4799
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4800
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4801
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4802
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4803
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4804
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4805
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0994f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4806
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d4000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4807
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4808
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4809
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4810
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4811
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4812
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4813
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4814
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              }
            ],
            "repeated": 0,
            "id": 4815
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00124000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4816
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4817
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4818
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4819
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4820
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4821
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4822
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09951000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4823
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00124000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4824
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4825
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4826
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4827
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4828
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4829
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4830
          },
          {
            "timestamp": "2026-06-28 21:56:16,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4831
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 4832
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00120000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4833
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4834
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4835
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4836
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4837
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4838
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4839
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09953000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4840
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00120000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4841
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4842
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4843
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4844
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4845
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4846
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4847
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4848
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 4849
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000d8000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4850
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4851
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4852
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4853
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4854
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4855
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4856
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4857
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09955000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4858
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d8000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4859
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4860
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4861
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4862
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4863
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4864
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4865
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4866
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              }
            ],
            "repeated": 0,
            "id": 4867
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x000e6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4868
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4869
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4870
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4871
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4872
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4873
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4874
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09957000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4875
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4876
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4877
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4878
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4879
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4880
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4881
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4882
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4883
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              }
            ],
            "repeated": 0,
            "id": 4884
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4885
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4886
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4887
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4888
          },
          {
            "timestamp": "2026-06-28 21:56:16,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4889
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4890
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09959000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4891
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4892
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4893
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4894
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4895
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4896
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4897
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4898
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4899
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 4900
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4901
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4902
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4903
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4904
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4905
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0995a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4906
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4907
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4908
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4909
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4910
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4911
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4912
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4913
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4914
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 4915
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4916
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4917
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4918
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4919
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4920
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0995c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4921
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4922
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 4923
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4924
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4925
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4926
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4927
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4928
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4929
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              }
            ],
            "repeated": 0,
            "id": 4930
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4931
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4932
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4933
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4934
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4935
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4936
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0995d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4937
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4938
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4939
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4940
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4941
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4942
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4943
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4944
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4945
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              }
            ],
            "repeated": 0,
            "id": 4946
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4947
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4948
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4949
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4950
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09740000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4951
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4952
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0995f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4953
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4954
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4955
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4956
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4957
          },
          {
            "timestamp": "2026-06-28 21:56:16,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4958
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4959
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4960
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4961
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              }
            ],
            "repeated": 0,
            "id": 4962
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00034000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4963
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4964
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4965
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4966
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4967
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09960000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4968
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00034000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4969
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4970
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4971
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4972
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4973
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4974
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4975
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4976
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 4977
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4978
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4979
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 1,
            "id": 4980
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4981
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4982
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4983
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4984
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 4985
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09961000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4986
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 4987
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 4988
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 4989
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4990
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4991
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4992
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 4993
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 4994
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              }
            ],
            "repeated": 0,
            "id": 4995
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00037000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4996
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 4997
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 4998
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 4999
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09740000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5000
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5001
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09962000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5002
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5003
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0970b000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5004
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0970b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5005
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5006
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5007
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5008
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5009
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5010
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5011
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5012
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5013
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5014
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              }
            ],
            "repeated": 0,
            "id": 5015
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5016
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5017
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5018
          },
          {
            "timestamp": "2026-06-28 21:56:16,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5019
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5020
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09963000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5021
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5022
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5023
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5024
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5025
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5026
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5027
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5028
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5029
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              }
            ],
            "repeated": 0,
            "id": 5030
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5031
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5032
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5033
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5034
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5035
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5036
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09964000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5037
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5038
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5039
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5040
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5041
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5042
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5043
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5044
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5045
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              }
            ],
            "repeated": 0,
            "id": 5046
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00dda000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5047
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5048
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5049
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0970b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5050
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5051
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5052
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5053
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5054
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09966000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5055
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5056
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5057
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5058
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5059
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5060
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5061
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09968000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5062
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5063
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5064
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5065
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5066
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5067
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5068
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0996a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5069
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5070
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dda000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5071
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5072
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5073
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5074
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5075
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5076
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5077
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5078
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              }
            ],
            "repeated": 0,
            "id": 5079
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00d2b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5080
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5081
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5082
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5083
          },
          {
            "timestamp": "2026-06-28 21:56:16,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5084
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5085
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0996d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5086
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5087
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5088
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5089
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5090
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5091
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5092
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0996f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5093
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5094
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d2b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5095
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5096
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5097
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5098
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5099
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5100
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5101
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5102
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              }
            ],
            "repeated": 0,
            "id": 5103
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00d1c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5104
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5105
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5106
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5107
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5108
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5109
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09972000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5110
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5111
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5112
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5113
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5114
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5115
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5116
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09974000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5117
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5118
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d1c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5119
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5120
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5121
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5122
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5123
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5124
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5125
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5126
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              }
            ],
            "repeated": 0,
            "id": 5127
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00d0b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5128
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5129
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5130
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5131
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5132
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5133
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09976000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5134
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5135
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5136
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5137
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5138
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5139
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5140
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09979000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5141
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09747000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5142
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d0b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5143
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5144
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5145
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5146
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5147
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\coure.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5148
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\coure.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5149
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5150
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\coure.fon"
              }
            ],
            "repeated": 0,
            "id": 5151
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00006000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5152
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5153
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5154
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5155
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5156
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5157
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courf.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5158
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\courf.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5159
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5160
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courf.fon"
              }
            ],
            "repeated": 0,
            "id": 5161
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00008000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5162
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5163
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5164
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5165
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5166
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5167
          },
          {
            "timestamp": "2026-06-28 21:56:16,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\serife.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5168
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\serife.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5169
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5170
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\serife.fon"
              }
            ],
            "repeated": 0,
            "id": 5171
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5172
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5173
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5174
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5175
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5176
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5177
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seriff.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5178
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seriff.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5179
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5180
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seriff.fon"
              }
            ],
            "repeated": 0,
            "id": 5181
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5182
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5183
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5184
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5185
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5186
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5187
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sserife.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5188
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\sserife.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5189
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5190
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sserife.fon"
              }
            ],
            "repeated": 0,
            "id": 5191
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5192
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5193
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5194
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5195
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5196
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5197
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sseriff.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5198
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\sseriff.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5199
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5200
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sseriff.fon"
              }
            ],
            "repeated": 0,
            "id": 5201
          },
          {
            "timestamp": "2026-06-28 21:56:16,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00016000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5202
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5203
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5204
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5205
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5206
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5207
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\smalle.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5208
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\smalle.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5209
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5210
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\smalle.fon"
              }
            ],
            "repeated": 0,
            "id": 5211
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00007000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5212
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5213
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5214
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5215
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5216
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5217
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\smallf.fon"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5218
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\smallf.fon"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5219
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5220
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\smallf.fon"
              }
            ],
            "repeated": 0,
            "id": 5221
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00006000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5222
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5223
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5224
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5225
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5226
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5227
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\PROGRAM FILES\\COMMON FILES\\MICROSOFT SHARED\\EQUATION\\MTEXTRA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5228
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5229
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5230
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF"
              }
            ],
            "repeated": 0,
            "id": 5231
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5232
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5233
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5234
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5235
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5236
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5237
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5238
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5239
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5240
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5241
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5242
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5243
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5244
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              }
            ],
            "repeated": 0,
            "id": 5245
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5246
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5247
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5248
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5249
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5250
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5251
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0997b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5252
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5253
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5254
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5255
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5256
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5257
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5258
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5259
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5260
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              }
            ],
            "repeated": 0,
            "id": 5261
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5262
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5263
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5264
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5265
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5266
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5267
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5268
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0997d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5269
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5270
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5271
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5272
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5273
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5274
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5275
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5276
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5277
          },
          {
            "timestamp": "2026-06-28 21:56:16,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              }
            ],
            "repeated": 0,
            "id": 5278
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00037000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5279
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5280
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5281
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5282
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5283
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5284
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0997e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5285
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5286
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5287
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5288
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5289
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5290
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5291
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5292
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5293
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              }
            ],
            "repeated": 0,
            "id": 5294
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5295
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5296
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5297
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5298
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5299
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5300
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5301
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5302
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5303
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5304
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5305
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5306
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              }
            ],
            "repeated": 0,
            "id": 5307
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00009000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5308
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5309
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5310
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5311
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5312
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0997f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5313
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5314
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5315
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5316
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5317
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5318
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5319
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5320
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5321
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5322
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5323
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5324
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5325
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5326
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5327
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5328
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09980000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5329
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5330
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5331
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5332
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5333
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5334
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5335
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5336
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5337
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              }
            ],
            "repeated": 0,
            "id": 5338
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5339
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5340
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5341
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5342
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5343
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5344
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5345
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5346
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5347
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5348
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5349
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5350
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5351
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5352
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              }
            ],
            "repeated": 0,
            "id": 5353
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5354
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5355
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5356
          },
          {
            "timestamp": "2026-06-28 21:56:16,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5357
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5358
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5359
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5360
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09981000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5361
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5362
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5363
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5364
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5365
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5366
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5367
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5368
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5369
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              }
            ],
            "repeated": 0,
            "id": 5370
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5371
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5372
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5373
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5374
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5375
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5376
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5377
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5378
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5379
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5380
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5381
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5382
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5383
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5384
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              }
            ],
            "repeated": 0,
            "id": 5385
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5386
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5387
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5388
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5389
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5390
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09746000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5391
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5392
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5393
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09982000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5394
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5395
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5396
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5397
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5398
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5399
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5400
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5401
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5402
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              }
            ],
            "repeated": 0,
            "id": 5403
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5404
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5405
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5406
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5407
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5408
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09748000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5409
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5410
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5411
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09983000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5412
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5413
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5414
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5415
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5416
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5417
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5418
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5419
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5420
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              }
            ],
            "repeated": 0,
            "id": 5421
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5422
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5423
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5424
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5425
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5426
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5427
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5428
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5429
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5430
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5431
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5432
          },
          {
            "timestamp": "2026-06-28 21:56:16,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5433
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5434
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5435
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              }
            ],
            "repeated": 0,
            "id": 5436
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5437
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5438
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5439
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5440
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5441
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5442
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5443
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09984000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5444
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5445
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5446
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5447
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5448
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5449
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5450
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5451
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5452
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              }
            ],
            "repeated": 0,
            "id": 5453
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5454
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5455
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5456
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5457
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5458
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5459
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5460
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5461
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5462
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5463
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5464
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5465
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5466
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5467
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5468
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5469
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5470
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5471
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5472
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5473
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5474
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5475
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09985000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5476
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5477
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5478
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5479
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5480
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5481
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5482
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5483
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5484
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              }
            ],
            "repeated": 0,
            "id": 5485
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5486
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5487
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5488
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5489
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5490
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09748000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5491
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5492
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5493
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5494
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5495
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5496
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5497
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5498
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5499
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              }
            ],
            "repeated": 0,
            "id": 5500
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5501
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5502
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5503
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5504
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5505
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5506
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09986000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5507
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5508
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5509
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5510
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5511
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5512
          },
          {
            "timestamp": "2026-06-28 21:56:16,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5513
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5514
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5515
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              }
            ],
            "repeated": 0,
            "id": 5516
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5517
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5518
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5519
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5520
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5521
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5522
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5523
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09987000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5524
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5525
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5526
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5527
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5528
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5529
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5530
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5531
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5532
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              }
            ],
            "repeated": 0,
            "id": 5533
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00031000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5534
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5535
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5536
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5537
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5538
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5539
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5540
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5541
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09989000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5542
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00031000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5543
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 5544
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5545
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5546
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5547
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5548
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5549
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5550
          },
          {
            "timestamp": "2026-06-28 21:56:16,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              }
            ],
            "repeated": 0,
            "id": 5551
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00027000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5552
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5553
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5554
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5555
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5556
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5557
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5558
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0998b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5559
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00027000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5560
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5561
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5562
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5563
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5564
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5565
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5566
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5567
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5568
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00022000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5569
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5570
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5571
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5572
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5573
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5574
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5575
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0998d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5576
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5577
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5578
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5579
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5580
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5581
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5582
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5583
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5584
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              }
            ],
            "repeated": 0,
            "id": 5585
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5586
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5587
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5588
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5589
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5590
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5591
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5592
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0998e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5593
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5594
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5595
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5596
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5597
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5598
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5599
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5600
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5601
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              }
            ],
            "repeated": 0,
            "id": 5602
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5603
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5604
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5605
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5606
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5607
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5608
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5609
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5610
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5611
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5612
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5613
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              }
            ],
            "repeated": 0,
            "id": 5614
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5615
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5616
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5617
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0998f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5618
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5619
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 5620
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5621
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5622
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5623
          },
          {
            "timestamp": "2026-06-28 21:56:16,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5624
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5625
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5626
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              }
            ],
            "repeated": 0,
            "id": 5627
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5628
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5629
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5630
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5631
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5632
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5633
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5634
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5635
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5636
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5637
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              }
            ],
            "repeated": 0,
            "id": 5638
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5639
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5640
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5641
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5642
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5643
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c71000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5644
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5645
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5646
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09990000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5647
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5648
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5649
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5650
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5651
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5652
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5653
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5654
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5655
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5656
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5657
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5658
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5659
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5660
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09991000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5661
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5662
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5663
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5664
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5665
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5666
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5667
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5668
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5669
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5670
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5671
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5672
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5673
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09992000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5674
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5675
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5676
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5677
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5678
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5679
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5680
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5681
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5682
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5683
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5684
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5685
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5686
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5687
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5688
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5689
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5690
          },
          {
            "timestamp": "2026-06-28 21:56:16,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5691
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5692
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5693
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              }
            ],
            "repeated": 0,
            "id": 5694
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5695
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5696
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5697
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09994000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5698
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5699
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5700
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5701
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5702
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5703
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5704
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5705
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5706
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              }
            ],
            "repeated": 0,
            "id": 5707
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5708
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5709
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5710
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09995000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5711
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5712
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5713
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5714
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5715
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5716
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5717
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5718
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5719
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              }
            ],
            "repeated": 0,
            "id": 5720
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5721
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5722
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5723
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5724
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09729000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5725
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09729000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5726
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5727
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09996000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5728
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5729
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5730
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5731
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5732
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5733
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5734
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5735
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5736
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              }
            ],
            "repeated": 0,
            "id": 5737
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5738
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5739
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5740
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5741
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5742
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5743
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5744
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5745
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5746
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5747
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5748
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5749
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              }
            ],
            "repeated": 0,
            "id": 5750
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5751
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5752
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5753
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5754
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5755
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5756
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09997000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5757
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5758
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 5759
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 5760
          },
          {
            "timestamp": "2026-06-28 21:56:16,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5761
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5762
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5763
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5764
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5765
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              }
            ],
            "repeated": 0,
            "id": 5766
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5767
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5768
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5769
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5770
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5771
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5772
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5773
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5774
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5775
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5776
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5777
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              }
            ],
            "repeated": 0,
            "id": 5778
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5779
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5780
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5781
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09998000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5782
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5783
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5784
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5785
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5786
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5787
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5788
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5789
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5790
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              }
            ],
            "repeated": 0,
            "id": 5791
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5792
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5793
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5794
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5795
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5796
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5797
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5798
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5799
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5800
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5801
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 5802
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5803
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5804
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5805
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09999000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5806
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5807
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5808
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5809
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5810
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5811
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5812
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5813
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5814
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              }
            ],
            "repeated": 0,
            "id": 5815
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5816
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5817
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5818
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5819
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5820
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5821
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5822
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5823
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5824
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5825
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5826
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5827
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5828
          },
          {
            "timestamp": "2026-06-28 21:56:16,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              }
            ],
            "repeated": 0,
            "id": 5829
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5830
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5831
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5832
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5833
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5834
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5835
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5836
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0999a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5837
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5838
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5839
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5840
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5841
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5842
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5843
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5844
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5845
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 5846
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5847
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5848
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5849
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5850
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5851
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5852
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5853
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5854
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5855
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5856
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5857
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5858
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5859
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5860
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              }
            ],
            "repeated": 0,
            "id": 5861
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5862
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5863
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5864
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5865
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5866
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5867
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5868
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0999b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5869
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5870
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5871
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5872
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5873
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5874
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5875
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5876
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5877
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              }
            ],
            "repeated": 0,
            "id": 5878
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5879
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5880
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5881
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5882
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5883
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5884
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5885
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5886
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5887
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5888
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5889
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              }
            ],
            "repeated": 0,
            "id": 5890
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5891
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5892
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5893
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0999c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5894
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5895
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 5896
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5897
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5898
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5899
          },
          {
            "timestamp": "2026-06-28 21:56:16,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5900
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5901
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5902
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              }
            ],
            "repeated": 0,
            "id": 5903
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5904
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5905
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5906
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5907
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5908
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5909
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5910
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5911
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5912
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5913
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              }
            ],
            "repeated": 0,
            "id": 5914
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5915
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5916
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5917
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5918
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5919
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5920
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0999d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5921
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5922
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5923
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5924
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5925
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5926
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5927
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5928
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5929
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              }
            ],
            "repeated": 0,
            "id": 5930
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5931
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5932
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5933
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5934
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0999e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5935
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5936
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5937
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5938
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5939
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5940
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5941
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5942
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5943
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              }
            ],
            "repeated": 0,
            "id": 5944
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5945
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5946
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5947
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5948
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5949
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5950
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5951
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5952
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5953
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5954
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              }
            ],
            "repeated": 0,
            "id": 5955
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5956
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5957
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5958
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5959
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5960
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5961
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0999f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5962
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5963
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 5964
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5965
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5966
          },
          {
            "timestamp": "2026-06-28 21:56:16,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5967
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5968
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5969
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5970
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              }
            ],
            "repeated": 0,
            "id": 5971
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5972
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5973
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5974
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5975
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5976
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5977
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5978
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5979
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5980
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 5981
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5982
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5983
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5984
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5985
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 5986
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 5987
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              }
            ],
            "repeated": 0,
            "id": 5988
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5989
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 5990
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5991
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5992
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 5993
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5994
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 5995
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 5996
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 5997
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 5998
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 5999
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6000
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6001
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6002
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6003
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6004
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              }
            ],
            "repeated": 0,
            "id": 6005
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6006
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6007
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6008
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6009
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 6010
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6011
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6012
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6013
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6014
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6015
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6016
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              }
            ],
            "repeated": 0,
            "id": 6017
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6018
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6019
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6020
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6021
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6022
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6023
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6024
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6025
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 6026
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6027
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6028
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6029
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6030
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6031
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6032
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              }
            ],
            "repeated": 0,
            "id": 6033
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6034
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6035
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6036
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6037
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 6038
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6039
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6040
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6041
          },
          {
            "timestamp": "2026-06-28 21:56:16,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6042
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6043
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6044
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              }
            ],
            "repeated": 0,
            "id": 6045
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6046
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6047
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6048
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6049
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6050
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6051
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6052
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6053
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6054
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6055
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6056
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6057
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6058
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6059
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6060
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              }
            ],
            "repeated": 0,
            "id": 6061
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6062
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6063
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6064
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6065
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6066
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6067
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6068
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6069
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6070
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6071
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6072
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6073
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6074
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6075
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6076
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6077
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6078
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 6079
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6080
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6081
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6082
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6083
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6084
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6085
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6086
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6087
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6088
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6089
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6090
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6091
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6092
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6093
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6094
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6095
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              }
            ],
            "repeated": 0,
            "id": 6096
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6097
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6098
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6099
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6100
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6101
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6102
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6103
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6104
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6105
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6106
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6107
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6108
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6109
          },
          {
            "timestamp": "2026-06-28 21:56:16,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6110
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6111
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6112
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6113
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6114
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6115
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6116
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6117
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6118
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6119
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6120
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6121
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6122
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6123
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6124
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6125
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6126
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6127
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6128
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6129
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              }
            ],
            "repeated": 0,
            "id": 6130
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6131
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6132
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6133
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6134
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6135
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6136
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6137
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6138
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6139
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6140
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6141
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6142
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6143
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6144
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              }
            ],
            "repeated": 0,
            "id": 6145
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6146
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6147
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6148
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6149
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6150
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6151
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6152
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6153
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6154
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6155
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6156
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6157
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6158
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6159
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6160
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6161
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              }
            ],
            "repeated": 0,
            "id": 6162
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6163
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6164
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6165
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6166
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6167
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6168
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6169
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6170
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6171
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6172
          },
          {
            "timestamp": "2026-06-28 21:56:16,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6173
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6174
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6175
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              }
            ],
            "repeated": 0,
            "id": 6176
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6177
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6178
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6179
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6180
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6181
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6182
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6183
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6184
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6185
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6186
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6187
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6188
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6189
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              }
            ],
            "repeated": 0,
            "id": 6190
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6191
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6192
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6193
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6194
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099a9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6195
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6196
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6197
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6198
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6199
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6200
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6201
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6202
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6203
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6204
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6205
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6206
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6207
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099aa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6208
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6209
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6210
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6211
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6212
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6213
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6214
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6215
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6216
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6217
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6218
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6219
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6220
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6221
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6222
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6223
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6224
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6225
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6226
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6227
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6228
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6229
          },
          {
            "timestamp": "2026-06-28 21:56:16,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6230
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6231
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6232
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6233
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6234
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6235
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6236
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6237
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6238
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6239
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6240
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6241
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6242
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6243
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6244
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6245
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6246
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6247
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6248
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6249
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6250
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6251
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6252
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6253
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6254
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6255
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6256
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              }
            ],
            "repeated": 0,
            "id": 6257
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6258
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6259
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6260
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6261
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6262
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6263
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6264
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6265
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6266
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6267
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6268
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6269
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6270
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6271
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6272
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6273
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              }
            ],
            "repeated": 0,
            "id": 6274
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6275
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6276
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6277
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6278
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6279
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6280
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6281
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6282
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6283
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6284
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6285
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6286
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6287
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6288
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6289
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6290
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6291
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6292
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6293
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6294
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6295
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6296
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6297
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6298
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6299
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6300
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6301
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6302
          },
          {
            "timestamp": "2026-06-28 21:56:16,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6303
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              }
            ],
            "repeated": 0,
            "id": 6304
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6305
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6306
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6307
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6308
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6309
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cd2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00034000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6310
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6311
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6312
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6313
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6314
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6315
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6316
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6317
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6318
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6319
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6320
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6321
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              }
            ],
            "repeated": 0,
            "id": 6322
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6323
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6324
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6325
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6326
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6327
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6328
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6329
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6330
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6331
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6332
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6333
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6334
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6335
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6336
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6337
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              }
            ],
            "repeated": 0,
            "id": 6338
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6339
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6340
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6341
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6342
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6343
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6344
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6345
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6346
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6347
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6348
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6349
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6350
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6351
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6352
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6353
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6354
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6355
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6356
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6357
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6358
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6359
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6360
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6361
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6362
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6363
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6364
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6365
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6366
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6367
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6368
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6369
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6370
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6371
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6372
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6373
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              }
            ],
            "repeated": 0,
            "id": 6374
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6375
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6376
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6377
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6378
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6379
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6380
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6381
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6382
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6383
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6384
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6385
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              }
            ],
            "repeated": 0,
            "id": 6386
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6387
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6388
          },
          {
            "timestamp": "2026-06-28 21:56:16,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6389
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6390
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6391
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6392
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6393
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6394
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6395
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6396
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6397
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6398
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 6399
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6400
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6401
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6402
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6403
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6404
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6405
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6406
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6407
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6408
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6409
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6410
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6411
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6412
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6413
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6414
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6415
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              }
            ],
            "repeated": 0,
            "id": 6416
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6417
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6418
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6419
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6420
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6421
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6422
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6423
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6424
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6425
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6426
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6427
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6428
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6429
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              }
            ],
            "repeated": 0,
            "id": 6430
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6431
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6432
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6433
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6434
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6435
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6436
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6437
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6438
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6439
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6440
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              }
            ],
            "repeated": 0,
            "id": 6441
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6442
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6443
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6444
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6445
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6446
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 6447
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 6448
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6449
          },
          {
            "timestamp": "2026-06-28 21:56:16,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6450
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6451
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6452
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6453
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              }
            ],
            "repeated": 0,
            "id": 6454
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6455
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6456
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6457
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6458
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6459
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6460
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6461
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099b9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6462
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6463
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6464
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6465
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6466
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6467
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6468
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6469
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6470
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              }
            ],
            "repeated": 0,
            "id": 6471
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6472
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6473
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6474
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6475
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6476
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6477
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6478
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6479
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6480
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6481
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6482
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6483
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6484
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6485
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              }
            ],
            "repeated": 0,
            "id": 6486
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6487
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6488
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6489
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6490
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6491
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6492
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6493
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6494
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6495
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6496
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6497
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6498
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6499
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              }
            ],
            "repeated": 0,
            "id": 6500
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6501
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6502
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6503
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6504
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6505
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6506
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6507
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6508
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6509
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6510
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              }
            ],
            "repeated": 0,
            "id": 6511
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6512
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6513
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6514
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6515
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6516
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfc000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6517
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6518
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099bb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6519
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6520
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6521
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6522
          },
          {
            "timestamp": "2026-06-28 21:56:16,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6523
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6524
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6525
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6526
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6527
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              }
            ],
            "repeated": 0,
            "id": 6528
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6529
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6530
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6531
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6532
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6533
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6534
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6535
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099bc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6536
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6537
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6538
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6539
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6540
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6541
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6542
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6543
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6544
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6545
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6546
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6547
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6548
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6549
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6550
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6551
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6552
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6553
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6554
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6555
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6556
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6557
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6558
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6559
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6560
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6561
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 6562
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6563
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6564
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6565
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6566
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6567
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6568
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6569
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099be000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6570
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6571
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6572
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6573
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6574
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6575
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6576
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6577
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6578
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              }
            ],
            "repeated": 0,
            "id": 6579
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6580
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6581
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6582
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6583
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6584
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6585
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6586
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6587
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6588
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6589
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6590
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6591
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6592
          },
          {
            "timestamp": "2026-06-28 21:56:16,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6593
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6594
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6595
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              }
            ],
            "repeated": 0,
            "id": 6596
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00023000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6597
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6598
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6599
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6600
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6601
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6602
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6603
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6604
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6605
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6606
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6607
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6608
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6609
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6610
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6611
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6612
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              }
            ],
            "repeated": 0,
            "id": 6613
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6614
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6615
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6616
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6617
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6618
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6619
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6620
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6621
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6622
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6623
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6624
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6625
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6626
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6627
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6628
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6629
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6630
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6631
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6632
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              }
            ],
            "repeated": 0,
            "id": 6633
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00023000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6634
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6635
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6636
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6637
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6638
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6639
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6640
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6641
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6642
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6643
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6644
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6645
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6646
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6647
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6648
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6649
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6650
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6651
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              }
            ],
            "repeated": 0,
            "id": 6652
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0001d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6653
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6654
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6655
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6656
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6657
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6658
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6659
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6660
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6661
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6662
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6663
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6664
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6665
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6666
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6667
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6668
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6669
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              }
            ],
            "repeated": 0,
            "id": 6670
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00023000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6671
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6672
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6673
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6674
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6675
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6676
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6677
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6678
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6679
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6680
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6681
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6682
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6683
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6684
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6685
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6686
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              }
            ],
            "repeated": 0,
            "id": 6687
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6688
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6689
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6690
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6691
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6692
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6693
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6694
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6695
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6696
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6697
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6698
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6699
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6700
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6701
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6702
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6703
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              }
            ],
            "repeated": 0,
            "id": 6704
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6705
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6706
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6707
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6708
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6709
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6710
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6711
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6712
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6713
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6714
          },
          {
            "timestamp": "2026-06-28 21:56:16,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6715
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6716
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6717
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 6718
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6719
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6720
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6721
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6722
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6723
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6724
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6725
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6726
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6727
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6728
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6729
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6730
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6731
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              }
            ],
            "repeated": 0,
            "id": 6732
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6733
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6734
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6735
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6736
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6737
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6738
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6739
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6740
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6741
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6742
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6743
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6744
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6745
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6746
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6747
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6748
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              }
            ],
            "repeated": 0,
            "id": 6749
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6750
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6751
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6752
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6753
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6754
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6755
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6756
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6757
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6758
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6759
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6760
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6761
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6762
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6763
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              }
            ],
            "repeated": 0,
            "id": 6764
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6765
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6766
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6767
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6768
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6769
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6770
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6771
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099c9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6772
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6773
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6774
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6775
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6776
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6777
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6778
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6779
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6780
          },
          {
            "timestamp": "2026-06-28 21:56:16,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              }
            ],
            "repeated": 0,
            "id": 6781
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6782
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6783
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6784
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6785
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6786
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6787
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6788
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6789
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6790
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6791
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6792
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6793
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6794
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6795
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              }
            ],
            "repeated": 0,
            "id": 6796
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6797
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6798
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6799
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6800
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6801
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6802
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6803
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6804
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6805
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6806
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6807
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6808
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6809
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6810
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              }
            ],
            "repeated": 0,
            "id": 6811
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6812
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6813
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6814
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6815
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6816
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6817
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6818
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099cc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6819
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6820
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6821
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6822
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6823
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6824
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6825
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6826
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6827
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              }
            ],
            "repeated": 0,
            "id": 6828
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6829
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6830
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6831
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6832
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6833
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6834
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6835
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6836
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6837
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6838
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6839
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6840
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6841
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6842
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6843
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              }
            ],
            "repeated": 0,
            "id": 6844
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6845
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6846
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6847
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6848
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6849
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6850
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6851
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099cd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6852
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6853
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6854
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6855
          },
          {
            "timestamp": "2026-06-28 21:56:16,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6856
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6857
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6858
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6859
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6860
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              }
            ],
            "repeated": 0,
            "id": 6861
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6862
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6863
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6864
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6865
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6866
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6867
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6868
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6869
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6870
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6871
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6872
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6873
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6874
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6875
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6876
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6877
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6878
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              }
            ],
            "repeated": 0,
            "id": 6879
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6880
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6881
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6882
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6883
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6884
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6885
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6886
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6887
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6888
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6889
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6890
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6891
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6892
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6893
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              }
            ],
            "repeated": 0,
            "id": 6894
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6895
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6896
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6897
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6898
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6899
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6900
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6901
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6902
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099cf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6903
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6904
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6905
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6906
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6907
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6908
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6909
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6910
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6911
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              }
            ],
            "repeated": 0,
            "id": 6912
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6913
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6914
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6915
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6916
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6917
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6918
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6919
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6920
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6921
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6922
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6923
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6924
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6925
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6926
          },
          {
            "timestamp": "2026-06-28 21:56:16,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6927
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6928
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6929
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              }
            ],
            "repeated": 0,
            "id": 6930
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6931
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6932
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6933
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6934
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6935
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6936
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6937
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6938
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6939
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6940
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6941
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6942
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6943
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6944
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              }
            ],
            "repeated": 0,
            "id": 6945
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6946
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6947
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6948
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6949
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6950
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6951
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6952
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6953
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6954
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6955
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 6956
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 6957
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6958
          },
          {
            "timestamp": "2026-06-28 21:56:16,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6959
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6960
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6961
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6962
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              }
            ],
            "repeated": 0,
            "id": 6963
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6964
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6965
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6966
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6967
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6968
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6969
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6970
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6971
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6972
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6973
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6974
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6975
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 6976
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6977
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6978
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6979
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6980
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 6981
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6982
          },
          {
            "timestamp": "2026-06-28 21:56:16,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              }
            ],
            "repeated": 0,
            "id": 6983
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6984
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6985
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6986
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6987
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6988
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6989
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 6990
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6991
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6992
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 6993
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 6994
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 6995
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 6996
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 6997
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 6998
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 6999
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7000
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7001
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7002
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              }
            ],
            "repeated": 0,
            "id": 7003
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7004
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7005
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7006
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7007
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7008
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7009
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7010
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7011
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7012
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7013
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7014
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 7015
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7016
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7017
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7018
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7019
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7020
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7021
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              }
            ],
            "repeated": 0,
            "id": 7022
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7023
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7024
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7025
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7026
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7027
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7028
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7029
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7030
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 7031
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7032
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7033
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7034
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7035
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7036
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7037
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              }
            ],
            "repeated": 0,
            "id": 7038
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7039
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7040
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7041
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7042
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7043
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7044
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7045
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099d9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7046
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7047
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 7048
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7049
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7050
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7051
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7052
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7053
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7054
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7055
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7056
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7057
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7058
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7059
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7060
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7061
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7062
          },
          {
            "timestamp": "2026-06-28 21:56:16,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099da000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7063
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7064
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 7065
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7066
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7067
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7068
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7069
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7070
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7071
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7072
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7073
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7074
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7075
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7076
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7077
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7078
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099db000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7079
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7080
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7081
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7082
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7083
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7084
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7085
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7086
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7087
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7088
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7089
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7090
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7091
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7092
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7093
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7094
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7095
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7096
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7097
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7098
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7099
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7100
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7101
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7102
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7103
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              }
            ],
            "repeated": 0,
            "id": 7104
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7105
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7106
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7107
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7108
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7109
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7110
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7111
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7112
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7113
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7114
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7115
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7116
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 7117
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7118
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7119
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7120
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7121
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7122
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7123
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7124
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7125
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7126
          },
          {
            "timestamp": "2026-06-28 21:56:16,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7127
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7128
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7129
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7130
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7131
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7132
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              }
            ],
            "repeated": 0,
            "id": 7133
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7134
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7135
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7136
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7137
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7138
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7139
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099de000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7140
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7141
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7142
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7143
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7144
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7145
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7146
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7147
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7148
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7149
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7150
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7151
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7152
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7153
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7154
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7155
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7156
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7157
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7158
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099df000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7159
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7160
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7161
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7162
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7163
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7164
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7165
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7166
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7167
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7168
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7169
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7170
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7171
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7172
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7173
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7174
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7175
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7176
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7177
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7178
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7179
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7180
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7181
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7182
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7183
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7184
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7185
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7186
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7187
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7188
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7189
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7190
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096dd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7191
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7192
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7193
          },
          {
            "timestamp": "2026-06-28 21:56:16,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7194
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7195
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7196
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7197
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7198
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7199
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7200
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7201
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7202
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7203
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7204
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7205
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7206
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7207
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7208
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7209
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7210
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7211
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7212
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7213
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7214
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7215
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7216
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7217
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7218
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7219
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7220
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7221
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7222
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7223
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7224
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7225
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7226
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7227
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7228
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7229
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7230
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7231
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7232
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7233
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7234
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7235
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7236
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7237
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7238
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7239
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7240
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d20000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7241
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7242
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7243
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7244
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7245
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7246
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7247
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7248
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7249
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7250
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7251
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              }
            ],
            "repeated": 0,
            "id": 7252
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00031000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7253
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7254
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7255
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7256
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00031000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7257
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7258
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7259
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7260
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7261
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7262
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7263
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7264
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 7265
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7266
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7267
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7268
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7269
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7270
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7271
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7272
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7273
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7274
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7275
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7276
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7277
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7278
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7279
          },
          {
            "timestamp": "2026-06-28 21:56:16,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7280
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7281
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7282
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7283
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7284
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7285
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7286
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7287
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7288
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7289
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7290
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7291
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00022000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7292
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7293
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971b000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7294
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7295
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7296
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7297
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7298
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7299
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7300
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7301
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7302
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7303
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7304
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7305
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7306
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7307
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7308
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7309
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7310
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7311
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7312
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7313
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7314
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7315
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7316
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7317
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7318
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7319
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7320
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7321
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7322
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7323
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7324
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7325
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7326
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7327
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7328
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7329
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7330
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7331
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7332
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7333
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7334
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7335
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7336
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7337
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7338
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7339
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7340
          },
          {
            "timestamp": "2026-06-28 21:56:16,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7341
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7342
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7343
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7344
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7345
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7346
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7347
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7348
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7349
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7350
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7351
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7352
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7353
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7354
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7355
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7356
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              }
            ],
            "repeated": 0,
            "id": 7357
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7358
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7359
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7360
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7361
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7362
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7363
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7364
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7365
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7366
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7367
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7368
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7369
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7370
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7371
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7372
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7373
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7374
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7375
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7376
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7377
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7378
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7379
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7380
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7381
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7382
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7383
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7384
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7385
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7386
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7387
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7388
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7389
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7390
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7391
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7392
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7393
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7394
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7395
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7396
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7397
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7398
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7399
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7400
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7401
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7402
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7403
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7404
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7405
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7406
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7407
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7408
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              }
            ],
            "repeated": 0,
            "id": 7409
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7410
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7411
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7412
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7413
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7414
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7415
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7416
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7417
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7418
          },
          {
            "timestamp": "2026-06-28 21:56:16,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7419
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7420
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7421
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7422
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7423
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7424
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7425
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7426
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7427
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7428
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7429
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7430
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7431
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7432
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7433
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7434
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7435
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7436
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7437
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7438
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7439
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7440
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7441
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7442
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7443
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              }
            ],
            "repeated": 0,
            "id": 7444
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7445
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7446
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7447
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099fc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7448
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7449
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7450
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7451
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7452
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7453
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7454
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7455
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7456
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7457
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7458
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7459
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7460
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7461
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7462
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7463
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7464
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7465
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7466
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7467
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7468
          },
          {
            "timestamp": "2026-06-28 21:56:16,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7469
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7470
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7471
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7472
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7473
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7474
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7475
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7476
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7477
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7478
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7479
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7480
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 7481
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7482
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7483
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7484
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7485
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7486
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7487
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7488
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7489
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7490
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7491
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7492
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7493
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7494
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7495
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7496
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7497
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x099ff000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7498
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7499
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7500
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7501
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7502
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7503
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7504
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7505
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7506
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 7507
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7508
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7509
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7510
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7511
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7512
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7513
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7514
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7515
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7516
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7517
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7518
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7519
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              }
            ],
            "repeated": 0,
            "id": 7520
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7521
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7522
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7523
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7524
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7525
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7526
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7527
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7528
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7529
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7530
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7531
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7532
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7533
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7534
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7535
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7536
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7537
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7538
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7539
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7540
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7541
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7542
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7543
          },
          {
            "timestamp": "2026-06-28 21:56:16,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7544
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7545
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7546
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7547
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7548
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7549
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7550
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a04000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7551
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7552
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7553
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7554
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7555
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7556
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7557
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7558
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7559
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7560
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7561
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7562
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d26000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7563
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7564
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7565
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7566
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7567
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7568
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7569
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7570
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7571
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7572
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7573
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7574
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7575
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7576
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7577
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7578
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a07000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7579
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7580
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7581
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7582
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7583
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7584
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7585
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7586
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7587
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              }
            ],
            "repeated": 0,
            "id": 7588
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7589
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7590
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7591
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7592
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7593
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7594
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7595
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7596
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7597
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7598
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7599
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7600
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              }
            ],
            "repeated": 0,
            "id": 7601
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7602
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7603
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7604
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a09000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7605
          },
          {
            "timestamp": "2026-06-28 21:56:16,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7606
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7607
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c0"
              }
            ],
            "repeated": 0,
            "id": 7608
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7609
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7610
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7611
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7612
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7613
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 7614
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7615
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7616
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7617
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7618
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7619
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 7620
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 7621
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7622
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7623
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7624
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7625
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7626
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7627
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7628
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7629
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7630
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7631
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7632
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 7633
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 7634
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7635
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7636
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7637
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7638
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7639
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              }
            ],
            "repeated": 0,
            "id": 7640
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7641
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7642
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7643
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a0c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7644
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7645
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 7646
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 7647
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7648
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7649
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7650
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7651
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7652
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              }
            ],
            "repeated": 0,
            "id": 7653
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7654
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7655
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7656
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 7657
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 7658
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7659
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7660
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7661
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7662
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7663
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              }
            ],
            "repeated": 0,
            "id": 7664
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7665
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7666
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7667
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a0d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7668
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7669
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b8"
              }
            ],
            "repeated": 0,
            "id": 7670
          },
          {
            "timestamp": "2026-06-28 21:56:16,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004cc"
              }
            ],
            "repeated": 0,
            "id": 7671
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7672
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7673
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7674
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7675
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7676
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7677
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7678
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7679
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7680
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7681
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7682
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7683
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7684
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7685
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7686
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7687
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7688
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7689
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7690
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7691
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7692
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7693
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7694
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7695
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7696
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7697
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7698
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7699
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7700
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7701
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7702
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7703
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7704
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a0f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7705
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7706
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7707
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7708
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7709
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7710
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7711
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7712
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7713
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7714
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7715
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7716
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7717
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7718
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7719
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7720
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7721
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7722
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7723
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7724
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7725
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7726
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              }
            ],
            "repeated": 0,
            "id": 7727
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7728
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7729
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7730
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7731
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7732
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7733
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7734
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7735
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7736
          },
          {
            "timestamp": "2026-06-28 21:56:16,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7737
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7738
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7739
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              }
            ],
            "repeated": 0,
            "id": 7740
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7741
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7742
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7743
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a12000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7744
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7745
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7746
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7747
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7748
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7749
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7750
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7751
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7752
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 7753
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7754
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7755
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7756
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7757
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7758
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7759
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7760
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7761
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7762
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7763
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7764
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7765
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 7766
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7767
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7768
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7769
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7770
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7771
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7772
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7773
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7774
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7775
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7776
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7777
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7778
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 7779
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00022000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7780
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7781
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7782
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7783
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7784
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7785
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7786
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7787
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7788
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7789
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7790
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7791
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 7792
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7793
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7794
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7795
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a18000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7796
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7797
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7798
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7799
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7800
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7801
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7802
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7803
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7804
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7805
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7806
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7807
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7808
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a1a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7809
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7810
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c4"
              }
            ],
            "repeated": 0,
            "id": 7811
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7812
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7813
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7814
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7815
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7816
          },
          {
            "timestamp": "2026-06-28 21:56:16,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7817
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7818
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7819
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7820
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7821
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7822
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7823
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7824
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7825
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7826
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7827
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7828
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7829
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7830
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7831
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7832
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7833
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7834
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7835
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7836
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7837
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7838
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7839
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7840
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7841
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7842
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7843
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7844
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7845
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7846
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7847
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7848
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7849
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7850
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7851
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7852
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7853
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7854
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7855
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7856
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7857
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7858
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7859
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7860
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a21000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7861
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7862
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7863
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7864
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7865
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7866
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7867
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7868
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7869
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7870
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7871
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7872
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7873
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7874
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7875
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7876
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7877
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7878
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7879
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7880
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7881
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7882
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7883
          },
          {
            "timestamp": "2026-06-28 21:56:16,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7884
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7885
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7886
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7887
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7888
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7889
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7890
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7891
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7892
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7893
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7894
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7895
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7896
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7897
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7898
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d54000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7899
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7900
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7901
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7902
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7903
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7904
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7905
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7906
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7907
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7908
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7909
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7910
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7911
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7912
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7913
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7914
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7915
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7916
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7917
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7918
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7919
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7920
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7921
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7922
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7923
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7924
          },
          {
            "timestamp": "2026-06-28 21:56:16,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7925
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7926
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a29000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7927
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7928
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7929
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7930
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7931
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7932
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7933
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7934
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7935
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              }
            ],
            "repeated": 0,
            "id": 7936
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7937
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7938
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7939
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a2b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7940
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7941
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7942
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7943
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 7944
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7945
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7946
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7947
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7948
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7949
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7950
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7951
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7952
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7953
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7954
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7955
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7956
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7957
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7958
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a2d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7959
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7960
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7961
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7962
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7963
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7964
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7965
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7966
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7967
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7968
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7969
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7970
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7971
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a2f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7972
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7973
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7974
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7975
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7976
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7977
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7978
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7979
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7980
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              }
            ],
            "repeated": 0,
            "id": 7981
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7982
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7983
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7984
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a31000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7985
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7986
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 7987
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 7988
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7989
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7990
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7991
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 7992
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 7993
          },
          {
            "timestamp": "2026-06-28 21:56:16,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              }
            ],
            "repeated": 0,
            "id": 7994
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7995
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 7996
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 7997
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 7998
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 7999
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8000
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8001
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8002
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8003
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8004
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8005
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8006
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              }
            ],
            "repeated": 0,
            "id": 8007
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8008
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8009
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8010
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a34000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8011
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8012
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8013
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8014
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8015
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8016
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8017
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8018
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8019
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              }
            ],
            "repeated": 0,
            "id": 8020
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00016000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8021
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8022
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8023
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8024
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8025
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8026
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8027
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8028
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8029
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8030
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8031
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8032
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              }
            ],
            "repeated": 0,
            "id": 8033
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8034
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8035
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8036
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8037
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8038
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8039
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8040
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8041
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8042
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8043
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8044
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8045
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              }
            ],
            "repeated": 0,
            "id": 8046
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc60"
              },
              {
                "name": "ViewSize",
                "value": "0x00007000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8047
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x02\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8048
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8049
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8050
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8051
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 2,
            "id": 8052
          },
          {
            "timestamp": "2026-06-28 21:56:16,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8053
          },
          {
            "timestamp": "2026-06-28 21:56:16,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09daf000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8054
          },
          {
            "timestamp": "2026-06-28 21:56:16,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8055
          },
          {
            "timestamp": "2026-06-28 21:56:16,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0974b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8056
          },
          {
            "timestamp": "2026-06-28 21:56:16,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0975b000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8057
          },
          {
            "timestamp": "2026-06-28 21:56:16,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09dbb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8058
          },
          {
            "timestamp": "2026-06-28 21:56:16,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09dc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8059
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cd3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8060
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8061
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8062
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8063
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cd3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8064
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8065
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8066
          },
          {
            "timestamp": "2026-06-28 21:56:16,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8067
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8068
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8069
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8070
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8071
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8072
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0975d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8073
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8074
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09dcf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8075
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8076
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8077
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8078
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0975b000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8079
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0975d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8080
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8081
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09dcf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8082
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8083
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8084
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0974b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8085
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09dd1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00051000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8086
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8087
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8088
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0971f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8089
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8090
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8091
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0974b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8092
          },
          {
            "timestamp": "2026-06-28 21:56:16,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8093
          },
          {
            "timestamp": "2026-06-28 21:56:16,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0974b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8094
          },
          {
            "timestamp": "2026-06-28 21:56:16,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8095
          },
          {
            "timestamp": "2026-06-28 21:56:16,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8096
          },
          {
            "timestamp": "2026-06-28 21:56:16,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8097
          },
          {
            "timestamp": "2026-06-28 21:56:16,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8098
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8099
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8100
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8101
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8102
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8103
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8104
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8105
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8106
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8107
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8108
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09720000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8109
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09690000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8110
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8111
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8112
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09690000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8113
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8114
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8115
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8116
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09690000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8117
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8118
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8119
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8120
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8121
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09672000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8122
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8123
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8124
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8125
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8126
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8127
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8128
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8129
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8130
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8131
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8132
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8133
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8134
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8135
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8136
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8137
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8138
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8139
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8140
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8141
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8142
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8143
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8144
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8145
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09daf000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8146
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8147
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09db1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8148
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8149
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8150
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c71000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8151
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8152
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8153
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8154
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8155
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8156
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8157
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8158
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8159
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8160
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cfc000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8161
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8162
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8163
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8164
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8165
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8166
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8167
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0974b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8168
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09748000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8169
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8170
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8171
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8172
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8173
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d26000"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8174
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8175
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8176
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8177
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c79000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8178
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8179
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8180
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d16000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8181
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8182
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8183
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096dc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8184
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09728000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8185
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8186
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8187
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb4000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8188
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8189
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8190
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8191
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09727000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8192
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8193
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8194
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8195
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8196
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8197
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d47000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8198
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8199
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8200
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8201
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8202
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8203
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8204
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8205
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8206
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09672000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8207
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8208
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8209
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8210
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8211
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8212
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8213
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8214
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8215
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8216
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8217
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8218
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8219
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8220
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8221
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8222
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8223
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8224
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8225
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8226
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096af000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8227
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8228
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8229
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8230
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8231
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096bd000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8232
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8233
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8234
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8235
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8236
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09748000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8237
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8238
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8239
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8240
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8241
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8242
          },
          {
            "timestamp": "2026-06-28 21:56:16,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8243
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8244
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8245
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c79000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8246
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8247
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09744000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8248
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8249
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8250
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8251
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8252
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8253
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8254
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09720000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8255
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8256
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d02000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8257
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8258
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce7000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8259
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8260
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8261
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09720000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8262
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d47000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8263
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8264
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8265
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00073000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8266
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8267
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01218000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8268
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8269
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8270
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8271
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8272
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arial.ttf"
              }
            ],
            "repeated": 0,
            "id": 8273
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000fe000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8274
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8275
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8276
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8277
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8278
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09720000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8279
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8280
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8281
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8282
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8283
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8284
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8285
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8286
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8287
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096d3000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8288
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8289
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09727000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8290
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09690000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8291
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8292
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8293
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8294
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8295
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a39000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8296
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000fe000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8297
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8298
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8299
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8300
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8301
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8302
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8303
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariali.ttf"
              }
            ],
            "repeated": 0,
            "id": 8304
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000b0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8305
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8306
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8307
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00051000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8308
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8309
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8310
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8311
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8312
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a3b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8313
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8314
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 8315
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 8316
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8317
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8318
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8319
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8320
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 8321
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8322
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8323
          },
          {
            "timestamp": "2026-06-28 21:56:16,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8324
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8325
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8326
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a3d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8327
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8328
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8329
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8330
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8331
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8332
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8333
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8334
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\arialbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 8335
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000b1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8336
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8337
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8338
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8339
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8340
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8341
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8342
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000b1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8343
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8344
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8345
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8346
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8347
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8348
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8349
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALN.TTF"
              }
            ],
            "repeated": 0,
            "id": 8350
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8351
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8352
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00073000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8353
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8354
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8355
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8356
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00051000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8357
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09cb4000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8358
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00080000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8359
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8360
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8361
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8362
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8363
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8364
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8365
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8366
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ariblk.ttf"
              }
            ],
            "repeated": 0,
            "id": 8367
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8368
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8369
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8370
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a42000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8371
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8372
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0973d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8373
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8374
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8375
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8376
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8377
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8378
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8379
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8380
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8381
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8382
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNI.TTF"
              }
            ],
            "repeated": 0,
            "id": 8383
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8384
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8385
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8386
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8387
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8388
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8389
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8390
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8391
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8392
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8393
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8394
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNB.TTF"
              }
            ],
            "repeated": 0,
            "id": 8395
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8396
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8397
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8398
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8399
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8400
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8401
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8402
          },
          {
            "timestamp": "2026-06-28 21:56:16,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8403
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8404
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8405
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8406
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARIALNBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 8407
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8408
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8409
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8410
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8411
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8412
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8413
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8414
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8415
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8416
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8417
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8418
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8419
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8420
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8421
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8422
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8423
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8424
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8425
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8426
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8427
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8428
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8429
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8430
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8431
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8432
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8433
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8434
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8435
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8436
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8437
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8438
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8439
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8440
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8441
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8442
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8443
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8444
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8445
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8446
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8447
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8448
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8449
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8450
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8451
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8452
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8453
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8454
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8455
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8456
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8457
          },
          {
            "timestamp": "2026-06-28 21:56:16,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8458
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8459
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8460
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8461
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8462
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8463
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8464
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8465
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8466
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8467
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8468
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8469
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8470
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8471
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8472
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8473
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8474
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8475
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8476
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8477
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8478
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8479
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8480
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8481
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8482
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8483
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8484
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8485
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8486
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09392000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8487
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8488
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8489
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8490
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8491
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8492
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8493
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8494
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8495
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8496
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8497
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8498
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8499
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8500
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8501
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8502
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8503
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8504
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8505
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8506
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8507
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a4e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8508
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8509
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8510
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8511
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8512
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8513
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8514
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8515
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8516
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8517
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8518
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8519
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8520
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8521
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8522
          },
          {
            "timestamp": "2026-06-28 21:56:16,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8523
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8524
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8525
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8526
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8527
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8528
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8529
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a4f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8530
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8531
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8532
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8533
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8534
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8535
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8536
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8537
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8538
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8539
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8540
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8541
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8542
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8543
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8544
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8545
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8546
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8547
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8548
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8549
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8550
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8551
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8552
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8553
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a51000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8554
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8555
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8556
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8557
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8558
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8559
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8560
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8561
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8562
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8563
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8564
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8565
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8566
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8567
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8568
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8569
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09393000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8570
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09395000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8571
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 8572
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 8573
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8574
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8575
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8576
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8577
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8578
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8579
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8580
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8581
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8582
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8583
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8584
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a53000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8585
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8586
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8587
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8588
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8589
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8590
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8591
          },
          {
            "timestamp": "2026-06-28 21:56:16,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8592
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\bahnschrift.ttf"
              }
            ],
            "repeated": 0,
            "id": 8593
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8594
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8595
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8596
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8597
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8598
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8599
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8600
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8601
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8602
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibri.ttf"
              }
            ],
            "repeated": 0,
            "id": 8603
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00193000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8604
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8605
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00075000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8606
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8607
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00027000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8608
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8609
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8610
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8611
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8612
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8613
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8614
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00193000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8615
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8616
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8617
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8618
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8619
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8620
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8621
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibril.ttf"
              }
            ],
            "repeated": 0,
            "id": 8622
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00160000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8623
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8624
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8625
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8626
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8627
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8628
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8629
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a56000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8630
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00160000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8631
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 8632
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8633
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8634
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8635
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8636
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8637
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrii.ttf"
              }
            ],
            "repeated": 0,
            "id": 8638
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00125000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8639
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8640
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8641
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8642
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8643
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8644
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8645
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8646
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00125000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8647
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8648
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8649
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09397000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8650
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8651
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIBRILI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8652
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibrili.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8653
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8654
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrili.ttf"
              }
            ],
            "repeated": 0,
            "id": 8655
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00104000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8656
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8657
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8658
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8659
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8660
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8661
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8662
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8663
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00104000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8664
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8665
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8666
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8667
          },
          {
            "timestamp": "2026-06-28 21:56:16,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8668
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8669
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8670
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibrib.ttf"
              }
            ],
            "repeated": 0,
            "id": 8671
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0018a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8672
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8673
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8674
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8675
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8676
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8677
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8678
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8679
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0018a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8680
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8681
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8682
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8683
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8684
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8685
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8686
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\calibriz.ttf"
              }
            ],
            "repeated": 0,
            "id": 8687
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0011b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8688
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8689
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8690
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8691
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8692
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8693
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8694
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8695
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0011b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8696
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8697
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8698
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8699
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8700
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8701
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8702
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              }
            ],
            "repeated": 0,
            "id": 8703
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x001b6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8704
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8705
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8706
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8707
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8708
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8709
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8710
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001b6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8711
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8712
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8713
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8714
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8715
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8716
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8717
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriai.ttf"
              }
            ],
            "repeated": 0,
            "id": 8718
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000da000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8719
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8720
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8721
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8722
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8723
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8724
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000da000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8725
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8726
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8727
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8728
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8729
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8730
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8731
          },
          {
            "timestamp": "2026-06-28 21:56:16,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriab.ttf"
              }
            ],
            "repeated": 0,
            "id": 8732
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000ce000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8733
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8734
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8735
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8736
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8737
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a61000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8738
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ce000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8739
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8740
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8741
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8742
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8743
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8744
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8745
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambriaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 8746
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000d2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8747
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8748
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8749
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8750
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8751
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a62000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8752
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8753
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8754
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8755
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8756
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8757
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8758
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8759
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cambria.ttc"
              }
            ],
            "repeated": 0,
            "id": 8760
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x001b6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8761
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8762
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8763
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8764
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8765
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8766
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001b6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8767
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8768
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8769
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8770
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8771
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8772
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8773
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8774
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8775
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candara.ttf"
              }
            ],
            "repeated": 0,
            "id": 8776
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8777
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8778
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8779
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a7000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003a000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8780
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8781
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8782
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a65000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8783
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8784
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8785
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8786
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8787
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8788
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8789
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8790
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaral.ttf"
              }
            ],
            "repeated": 0,
            "id": 8791
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8792
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8793
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8794
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8795
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8796
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8797
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8798
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8799
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8800
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8801
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8802
          },
          {
            "timestamp": "2026-06-28 21:56:17,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8803
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8804
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarai.ttf"
              }
            ],
            "repeated": 0,
            "id": 8805
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8806
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8807
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8808
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8809
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8810
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8811
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8812
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8813
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CANDARALI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8814
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candarali.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8815
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8816
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarali.ttf"
              }
            ],
            "repeated": 0,
            "id": 8817
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8818
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8819
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8820
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8821
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8822
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8823
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8824
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8825
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8826
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8827
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8828
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8829
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8830
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candarab.ttf"
              }
            ],
            "repeated": 0,
            "id": 8831
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8832
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8833
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8834
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8835
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8836
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8837
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8838
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8839
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8840
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8841
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8842
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8843
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8844
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8845
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Candaraz.ttf"
              }
            ],
            "repeated": 0,
            "id": 8846
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8847
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8848
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8849
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8850
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8851
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8852
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8853
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8854
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8855
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8856
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8857
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8858
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8859
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8860
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8861
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comic.ttf"
              }
            ],
            "repeated": 0,
            "id": 8862
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8863
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8864
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8865
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8866
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8867
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8868
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8869
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8870
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8871
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8872
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8873
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8874
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8875
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8876
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comici.ttf"
              }
            ],
            "repeated": 0,
            "id": 8877
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8878
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8879
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8880
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8881
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a6b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8882
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8883
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 8884
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8885
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8886
          },
          {
            "timestamp": "2026-06-28 21:56:17,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8887
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8888
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8889
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 8890
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8891
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8892
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096ec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8893
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8894
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8895
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8896
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8897
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8898
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8899
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8900
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8901
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8902
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8903
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\comicz.ttf"
              }
            ],
            "repeated": 0,
            "id": 8904
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00037000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8905
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8906
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8907
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8908
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8909
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8910
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8911
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8912
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8913
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8914
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8915
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8916
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consola.ttf"
              }
            ],
            "repeated": 0,
            "id": 8917
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00071000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8918
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8919
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00041000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8920
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8921
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8922
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8923
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8924
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00071000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8925
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8926
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8927
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8928
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8929
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8930
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8931
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolai.ttf"
              }
            ],
            "repeated": 0,
            "id": 8932
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00073000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8933
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8934
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8935
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8936
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00073000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8937
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8938
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8939
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8940
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8941
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8942
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8943
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolab.ttf"
              }
            ],
            "repeated": 0,
            "id": 8944
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00062000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8945
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8946
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8947
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8948
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8949
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8950
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00062000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8951
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8952
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8953
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8954
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8955
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8956
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8957
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\consolaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 8958
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00064000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8959
          },
          {
            "timestamp": "2026-06-28 21:56:17,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8960
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8961
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8962
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8963
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8964
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00064000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8965
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8966
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8967
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8968
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8969
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8970
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8971
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constan.ttf"
              }
            ],
            "repeated": 0,
            "id": 8972
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0006e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8973
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8974
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8975
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8976
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8977
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8978
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8979
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8980
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8981
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8982
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8983
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8984
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8985
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constani.ttf"
              }
            ],
            "repeated": 0,
            "id": 8986
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0006e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8987
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 8988
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8989
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 8990
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 8991
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8992
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 8993
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 8994
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 8995
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8996
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 8997
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 8998
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 8999
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanb.ttf"
              }
            ],
            "repeated": 0,
            "id": 9000
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0006f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9001
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9002
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9003
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9004
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9005
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a74000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9006
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9007
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9008
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9009
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9010
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9011
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9012
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9013
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\constanz.ttf"
              }
            ],
            "repeated": 0,
            "id": 9014
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00070000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9015
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9016
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9017
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9018
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9019
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9020
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00070000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9021
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9022
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9023
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9024
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9025
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9026
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9027
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbel.ttf"
              }
            ],
            "repeated": 0,
            "id": 9028
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00044000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9029
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9030
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9031
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9032
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9033
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9034
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9035
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9036
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9037
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9038
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9039
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9040
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9041
          },
          {
            "timestamp": "2026-06-28 21:56:17,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbell.ttf"
              }
            ],
            "repeated": 0,
            "id": 9042
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9043
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9044
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9045
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9046
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9047
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9048
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9049
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9050
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9051
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9052
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 1,
            "id": 9053
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9054
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9055
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9056
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9057
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9058
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbeli.ttf"
              }
            ],
            "repeated": 0,
            "id": 9059
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00046000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9060
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9061
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9062
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9063
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9064
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9065
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00046000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9066
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9067
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9068
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9069
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9070
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9071
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9072
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelli.ttf"
              }
            ],
            "repeated": 0,
            "id": 9073
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9074
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9075
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9076
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9077
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9078
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9079
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9080
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9081
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9082
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9083
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9084
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelb.ttf"
              }
            ],
            "repeated": 0,
            "id": 9085
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00048000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9086
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9087
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9088
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9089
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9090
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a79000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9091
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9092
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9093
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9094
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9095
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9096
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9097
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9098
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\corbelz.ttf"
              }
            ],
            "repeated": 0,
            "id": 9099
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00048000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9100
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9101
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9102
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9103
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9104
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a7a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9105
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00048000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9106
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9107
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9108
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9109
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9110
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9111
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9112
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\cour.ttf"
              }
            ],
            "repeated": 0,
            "id": 9113
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000c5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9114
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9115
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9116
          },
          {
            "timestamp": "2026-06-28 21:56:17,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9117
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9118
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9119
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00027000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9120
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9121
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000c5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9122
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9123
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9124
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9125
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9126
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9127
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9128
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\couri.ttf"
              }
            ],
            "repeated": 0,
            "id": 9129
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000a3000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9130
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9131
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9132
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9133
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9134
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x000a3000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9135
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9136
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9137
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9138
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9139
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9140
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9141
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 9142
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000c5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9143
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9144
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9145
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9146
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9147
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9148
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9149
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9150
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000c5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9151
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9152
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9153
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9154
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9155
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9156
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9157
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\courbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 9158
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0008d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9159
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9160
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9161
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9162
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9163
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9164
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9165
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9166
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9167
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9168
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9169
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9170
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrima.ttf"
              }
            ],
            "repeated": 0,
            "id": 9171
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000de000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9172
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9173
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9174
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a83000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9175
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000de000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9176
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9177
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9178
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9179
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9180
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9181
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9182
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ebrimabd.ttf"
              }
            ],
            "repeated": 0,
            "id": 9183
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000e0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9184
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9185
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9186
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9187
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9188
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9189
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9190
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09399000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9191
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9192
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9193
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9194
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9195
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framd.ttf"
              }
            ],
            "repeated": 0,
            "id": 9196
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9197
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9198
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9199
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9200
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9201
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9202
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9203
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9204
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9205
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9206
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9207
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9208
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADM.TTF"
              }
            ],
            "repeated": 0,
            "id": 9209
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00023000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9210
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9211
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9212
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9213
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9214
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9215
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9216
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a87000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9217
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9218
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9219
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9220
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9221
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9222
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9223
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9224
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\framdit.ttf"
              }
            ],
            "repeated": 0,
            "id": 9225
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9226
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9227
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9228
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9229
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9230
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9231
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9232
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9233
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9234
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9235
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9236
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9237
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9238
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9239
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9240
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 9241
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00022000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9242
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9243
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9244
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9245
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9246
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9247
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9248
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a8a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9249
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9250
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9251
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9252
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9253
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9254
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9255
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9256
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9257
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAMDCN.TTF"
              }
            ],
            "repeated": 0,
            "id": 9258
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9259
          },
          {
            "timestamp": "2026-06-28 21:56:17,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9260
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9261
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9262
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9263
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9264
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9265
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9266
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9267
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9268
          },
          {
            "timestamp": "2026-06-28 21:56:17,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9269
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9270
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9271
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9272
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRADMCN.TTF"
              }
            ],
            "repeated": 0,
            "id": 9273
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9274
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9275
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9276
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9277
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9278
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9279
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9280
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a8d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9281
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9282
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9283
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9284
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9285
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9286
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9287
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9288
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHV.TTF"
              }
            ],
            "repeated": 0,
            "id": 9289
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00023000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9290
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9291
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9292
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9293
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9294
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9295
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9296
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a8e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9297
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9298
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9299
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9300
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9301
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9302
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9303
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9304
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRAHVIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 9305
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9306
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9307
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9308
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9309
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9310
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9311
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9312
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9313
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9314
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9315
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9316
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9317
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9318
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9319
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9320
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9321
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Gabriola.ttf"
              }
            ],
            "repeated": 0,
            "id": 9322
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x001b9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9323
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9324
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9325
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9326
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9327
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9328
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9329
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001b9000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9330
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9331
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9332
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9333
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9334
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9335
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9336
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugi.ttf"
              }
            ],
            "repeated": 0,
            "id": 9337
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9338
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9339
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9340
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9341
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9342
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9343
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9344
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9345
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9346
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9347
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9348
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9349
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9350
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\gadugib.ttf"
              }
            ],
            "repeated": 0,
            "id": 9351
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9352
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9353
          },
          {
            "timestamp": "2026-06-28 21:56:17,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9354
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9355
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9356
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9357
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9358
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9359
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9360
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9361
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9362
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9363
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9364
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgia.ttf"
              }
            ],
            "repeated": 0,
            "id": 9365
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9366
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9367
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9368
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9369
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9370
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9371
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9372
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9373
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9374
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9375
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9376
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9377
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiai.ttf"
              }
            ],
            "repeated": 0,
            "id": 9378
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9379
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9380
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9381
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9382
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9383
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a93000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9384
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9385
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9386
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9387
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9388
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9389
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9390
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9391
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiab.ttf"
              }
            ],
            "repeated": 0,
            "id": 9392
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9393
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9394
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9395
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9396
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9397
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9398
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9399
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9400
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9401
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9402
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9403
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9404
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9405
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\georgiaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 9406
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00034000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9407
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9408
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9409
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9410
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9411
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9412
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9413
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00034000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9414
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9415
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9416
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9417
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9418
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9419
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9420
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\impact.ttf"
              }
            ],
            "repeated": 0,
            "id": 9421
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00033000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9422
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9423
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9424
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9425
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9426
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9427
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a97000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9428
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00033000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9429
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 9430
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9431
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9432
          },
          {
            "timestamp": "2026-06-28 21:56:17,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9433
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9434
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9435
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Inkfree.ttf"
              }
            ],
            "repeated": 0,
            "id": 9436
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9437
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9438
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9439
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9440
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9441
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9442
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9443
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9444
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9445
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9446
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9447
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9448
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9449
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\javatext.ttf"
              }
            ],
            "repeated": 0,
            "id": 9450
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0004b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9451
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9452
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9453
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9454
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9455
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9456
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9457
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9458
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9459
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9460
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelawUI.ttf"
              }
            ],
            "repeated": 0,
            "id": 9461
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00061000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9462
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9463
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9464
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9465
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9466
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9467
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00061000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9468
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9469
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9470
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9471
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9472
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9473
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9474
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelUIsl.ttf"
              }
            ],
            "repeated": 0,
            "id": 9475
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0005f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9476
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9477
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9478
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9479
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9480
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9481
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0005f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9482
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9483
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9484
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9485
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9486
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9487
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9488
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LeelaUIb.ttf"
              }
            ],
            "repeated": 0,
            "id": 9489
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00050000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9490
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9491
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9492
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9493
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9494
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9495
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9496
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9497
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9498
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9499
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9500
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9501
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9502
          },
          {
            "timestamp": "2026-06-28 21:56:17,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\lucon.ttf"
              }
            ],
            "repeated": 0,
            "id": 9503
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9504
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9505
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9506
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9507
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9508
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9509
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9510
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9511
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9512
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9513
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9514
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\l_10646.ttf"
              }
            ],
            "repeated": 0,
            "id": 9515
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0004c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9516
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9517
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9518
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9519
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9520
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9521
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9522
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9523
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9524
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9525
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9526
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9527
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9528
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9529
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgun.ttf"
              }
            ],
            "repeated": 0,
            "id": 9530
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00cd6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9531
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9532
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9533
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9534
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9535
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9536
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09a9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9537
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9538
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00cd6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9539
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9540
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9541
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9542
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9543
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9544
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9545
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunsl.ttf"
              }
            ],
            "repeated": 0,
            "id": 9546
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x004da000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9547
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9548
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9549
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9550
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9551
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9552
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9553
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x004da000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9554
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9555
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9556
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9557
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9558
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9559
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9560
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\malgunbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 9561
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00c04000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9562
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9563
          },
          {
            "timestamp": "2026-06-28 21:56:17,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9564
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9565
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9566
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9567
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9568
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9569
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9570
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00c04000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9571
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9572
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9573
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9574
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9575
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9576
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9577
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\himalaya.ttf"
              }
            ],
            "repeated": 0,
            "id": 9578
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0008c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9579
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9580
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9581
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9582
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9583
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9584
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9585
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9586
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9587
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9588
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9589
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9590
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              }
            ],
            "repeated": 0,
            "id": 9591
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x0146a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9592
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9593
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9594
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9595
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00075000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9596
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9597
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9598
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9599
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0146a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9600
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9601
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9602
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9603
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9604
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9605
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9606
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              }
            ],
            "repeated": 0,
            "id": 9607
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00c48000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9608
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9609
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9610
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09d3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00077000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9611
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9612
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9613
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9614
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9615
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00c48000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9616
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9617
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9618
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9619
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9620
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9621
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9622
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              }
            ],
            "repeated": 0,
            "id": 9623
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00dc6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9624
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9625
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9626
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9627
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9628
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9629
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dc6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9630
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9631
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9632
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9633
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9634
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9635
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9636
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjh.ttc"
              }
            ],
            "repeated": 0,
            "id": 9637
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x0146a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9638
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9639
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9640
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9641
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9642
          },
          {
            "timestamp": "2026-06-28 21:56:17,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aa9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9643
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0146a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9644
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9645
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9646
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9647
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9648
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9649
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9650
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhl.ttc"
              }
            ],
            "repeated": 0,
            "id": 9651
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00c48000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9652
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9653
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9654
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9655
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9656
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aaa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9657
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00c48000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9658
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9659
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9660
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9661
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9662
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9663
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9664
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msjhbd.ttc"
              }
            ],
            "repeated": 0,
            "id": 9665
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00dc6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9666
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9667
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9668
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9669
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9670
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9671
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dc6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9672
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9673
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9674
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9675
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9676
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9677
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9678
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailu.ttf"
              }
            ],
            "repeated": 0,
            "id": 9679
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9680
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9681
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9682
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9683
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9684
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9685
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9686
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9687
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9688
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9689
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9690
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ntailub.ttf"
              }
            ],
            "repeated": 0,
            "id": 9691
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9692
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9693
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9694
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9695
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9696
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9697
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9698
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9699
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9700
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9701
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9702
          },
          {
            "timestamp": "2026-06-28 21:56:17,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspa.ttf"
              }
            ],
            "repeated": 0,
            "id": 9703
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9704
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9705
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9706
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9707
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9708
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9709
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9710
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9711
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9712
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9713
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9714
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9715
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9716
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\phagspab.ttf"
              }
            ],
            "repeated": 0,
            "id": 9717
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9718
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9719
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9720
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9721
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9722
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aaf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9723
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9724
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9725
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9726
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9727
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9728
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9729
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9730
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              }
            ],
            "repeated": 0,
            "id": 9731
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000d6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9732
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9733
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9734
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9735
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9736
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9737
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9738
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9739
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9740
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9741
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9742
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9743
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9744
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9745
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taile.ttf"
              }
            ],
            "repeated": 0,
            "id": 9746
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9747
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9748
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9749
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9750
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9751
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9752
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9753
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9754
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9755
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9756
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9757
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9758
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\taileb.ttf"
              }
            ],
            "repeated": 0,
            "id": 9759
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9760
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9761
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9762
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9763
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9764
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9765
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9766
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9767
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9768
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9769
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9770
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              }
            ],
            "repeated": 0,
            "id": 9771
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x012bd000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9772
          },
          {
            "timestamp": "2026-06-28 21:56:17,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9773
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9774
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9775
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9776
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9777
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9778
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x012bd000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9779
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9780
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9781
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9782
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9783
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9784
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9785
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              }
            ],
            "repeated": 0,
            "id": 9786
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00b94000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9787
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9788
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9789
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9790
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9791
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9792
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9793
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00b94000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9794
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9795
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9796
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9797
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9798
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9799
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9800
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              }
            ],
            "repeated": 0,
            "id": 9801
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x0100d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9802
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9803
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9804
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9805
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9806
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9807
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9808
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9809
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9810
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9811
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9812
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9813
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9814
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyh.ttc"
              }
            ],
            "repeated": 0,
            "id": 9815
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x012bd000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9816
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9817
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9818
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9819
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9820
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9821
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9822
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ab8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9823
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x012bd000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9824
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 9825
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9826
          },
          {
            "timestamp": "2026-06-28 21:56:17,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9827
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9828
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9829
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9830
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhl.ttc"
              }
            ],
            "repeated": 0,
            "id": 9831
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00b94000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9832
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9833
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9834
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9835
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9836
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9837
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9838
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00b94000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9839
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9840
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9841
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9842
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9843
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9844
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9845
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyhbd.ttc"
              }
            ],
            "repeated": 0,
            "id": 9846
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x0100d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9847
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9848
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9849
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9850
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9851
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9852
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9853
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9854
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09abb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9855
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0100d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9856
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9857
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9858
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9859
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9860
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9861
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9862
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msyi.ttf"
              }
            ],
            "repeated": 0,
            "id": 9863
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0004a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9864
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9865
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9866
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9867
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9868
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09abd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9869
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0004a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9870
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9871
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9872
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9873
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9874
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9875
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9876
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              }
            ],
            "repeated": 0,
            "id": 9877
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x02316000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9878
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9879
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9880
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9881
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9882
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09abe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9883
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x02316000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9884
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9885
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9886
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9887
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9888
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9889
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9890
          },
          {
            "timestamp": "2026-06-28 21:56:17,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              }
            ],
            "repeated": 0,
            "id": 9891
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x02316000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9892
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9893
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9894
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9895
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9896
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09abf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9897
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x02316000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9898
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9899
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9900
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9901
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9902
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9903
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9904
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mingliub.ttc"
              }
            ],
            "repeated": 0,
            "id": 9905
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x02316000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9906
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9907
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9908
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9909
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9910
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9911
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x02316000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9912
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9913
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9914
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9915
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9916
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9917
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9918
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\monbaiti.ttf"
              }
            ],
            "repeated": 0,
            "id": 9919
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00047000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9920
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9921
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9922
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9923
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9924
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9925
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00047000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9926
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9927
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9928
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9929
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9930
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9931
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9932
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              }
            ],
            "repeated": 0,
            "id": 9933
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00893000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9934
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9935
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9936
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9937
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9938
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9939
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9940
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9941
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00893000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9942
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9943
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9944
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9945
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9946
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9947
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9948
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              }
            ],
            "repeated": 0,
            "id": 9949
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00893000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9950
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9951
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9952
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9953
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9954
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9955
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00893000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9956
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9957
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9958
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9959
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9960
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9961
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9962
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\msgothic.ttc"
              }
            ],
            "repeated": 0,
            "id": 9963
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00893000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9964
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9965
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9966
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9967
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9968
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 9969
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9970
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9971
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00893000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9972
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9973
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9974
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9975
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9976
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9977
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9978
          },
          {
            "timestamp": "2026-06-28 21:56:17,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mvboli.ttf"
              }
            ],
            "repeated": 0,
            "id": 9979
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9980
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9981
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9982
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce7000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003f000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9983
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9984
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9985
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9986
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9987
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 9988
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 9989
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9990
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9991
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 9992
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 9993
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtext.ttf"
              }
            ],
            "repeated": 0,
            "id": 9994
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00057000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9995
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 9996
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 9997
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ac9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 9998
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 9999
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 10000
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10001
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10002
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10003
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10004
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10005
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\mmrtextb.ttf"
              }
            ],
            "repeated": 0,
            "id": 10006
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00052000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10007
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10008
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00052000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10009
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 10010
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10011
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10012
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10013
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10014
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10015
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Nirmala.ttf"
              }
            ],
            "repeated": 0,
            "id": 10016
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00173000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10017
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10018
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10019
          },
          {
            "timestamp": "2026-06-28 21:56:17,276",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10020
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00173000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10021
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 10022
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10023
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10024
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10025
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10026
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10027
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaS.ttf"
              }
            ],
            "repeated": 0,
            "id": 10028
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0017c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10029
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10030
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10031
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09acb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10032
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0017c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10033
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 10034
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10035
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10036
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10037
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10038
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10039
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NirmalaB.ttf"
              }
            ],
            "repeated": 0,
            "id": 10040
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00168000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10041
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10042
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10043
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09acd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10044
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00168000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10045
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 10046
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10047
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10048
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10049
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10050
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10051
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\pala.ttf"
              }
            ],
            "repeated": 0,
            "id": 10052
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00074000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10053
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10054
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00042000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10055
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10056
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10057
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10058
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ace000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10059
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00074000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10060
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10061
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10062
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10063
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10064
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10065
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10066
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palai.ttf"
              }
            ],
            "repeated": 0,
            "id": 10067
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00066000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10068
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10069
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10070
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10071
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10072
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09acf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10073
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00066000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10074
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10075
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10076
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10077
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10078
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10079
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10080
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palab.ttf"
              }
            ],
            "repeated": 0,
            "id": 10081
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00067000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10082
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10083
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10084
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10085
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10086
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10087
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00067000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10088
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10089
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10090
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10091
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10092
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10093
          },
          {
            "timestamp": "2026-06-28 21:56:17,292",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10094
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\palabi.ttf"
              }
            ],
            "repeated": 0,
            "id": 10095
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00052000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10096
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10097
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10098
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10099
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10100
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10101
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10102
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00052000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10103
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10104
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10105
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10106
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10107
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10108
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10109
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segmdl2.ttf"
              }
            ],
            "repeated": 0,
            "id": 10110
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00040000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10111
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10112
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10113
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10114
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10115
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10116
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10117
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00040000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10118
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10119
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10120
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10121
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10122
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10123
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10124
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoepr.ttf"
              }
            ],
            "repeated": 0,
            "id": 10125
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10126
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10127
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10128
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10129
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10130
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10131
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10132
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10133
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10134
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10135
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10136
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeprb.ttf"
              }
            ],
            "repeated": 0,
            "id": 10137
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10138
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10139
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10140
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10141
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10142
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10143
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10144
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10145
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10146
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10147
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10148
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10149
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10150
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoesc.ttf"
              }
            ],
            "repeated": 0,
            "id": 10151
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00092000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10152
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10153
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10154
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10155
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10156
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10157
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00092000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10158
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10159
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10160
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10161
          },
          {
            "timestamp": "2026-06-28 21:56:17,307",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10162
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10163
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10164
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoescb.ttf"
              }
            ],
            "repeated": 0,
            "id": 10165
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0008e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10166
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10167
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10168
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10169
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10170
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10171
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0008e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10172
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10173
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10174
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10175
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10176
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10177
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10178
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              }
            ],
            "repeated": 0,
            "id": 10179
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000ea000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10180
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10181
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10182
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10183
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10184
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10185
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ad9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10186
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ea000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10187
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10188
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10189
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10190
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SEGOEUISL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10191
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuisl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10192
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10193
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuisl.ttf"
              }
            ],
            "repeated": 0,
            "id": 10194
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000d1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10195
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10196
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10197
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10198
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10199
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ada000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10200
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d1000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10201
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10202
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10203
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10204
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10205
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10206
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10207
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuil.ttf"
              }
            ],
            "repeated": 0,
            "id": 10208
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000e0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10209
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10210
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10211
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10212
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10213
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09adc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10214
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10215
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10216
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10217
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10218
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10219
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10220
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10221
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisb.ttf"
              }
            ],
            "repeated": 0,
            "id": 10222
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000ee000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10223
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10224
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10225
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10226
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10227
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ade000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10228
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000ee000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10229
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10230
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10231
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10232
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10233
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10234
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10235
          },
          {
            "timestamp": "2026-06-28 21:56:17,323",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              }
            ],
            "repeated": 0,
            "id": 10236
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10237
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10238
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10239
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10240
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10241
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09adf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10242
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00082000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10243
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10244
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10245
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10246
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10247
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10248
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10249
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisli.ttf"
              }
            ],
            "repeated": 0,
            "id": 10250
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00073000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10251
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10252
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10253
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10254
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10255
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10256
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10257
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00073000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10258
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10259
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10260
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10261
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10262
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10263
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10264
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguili.ttf"
              }
            ],
            "repeated": 0,
            "id": 10265
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00071000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10266
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10267
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10268
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10269
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10270
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10271
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10272
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00071000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10273
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10274
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10275
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10276
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10277
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10278
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10279
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              }
            ],
            "repeated": 0,
            "id": 10280
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000e9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10281
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10282
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10283
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10284
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10285
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10286
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10287
          },
          {
            "timestamp": "2026-06-28 21:56:17,339",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10288
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e9000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10289
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10290
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10291
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10292
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10293
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10294
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10295
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 10296
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00070000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10297
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10298
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10299
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10300
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10301
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10302
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10303
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00070000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10304
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10305
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10306
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10307
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10308
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10309
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10310
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              }
            ],
            "repeated": 0,
            "id": 10311
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00085000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10312
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10313
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10314
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10315
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10316
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10317
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10318
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00085000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10319
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10320
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10321
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10322
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10323
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10324
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10325
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibl.ttf"
              }
            ],
            "repeated": 0,
            "id": 10326
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00050000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10327
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10328
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10329
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10330
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10331
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00050000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10332
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10333
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10334
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10335
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10336
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10337
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10338
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguibli.ttf"
              }
            ],
            "repeated": 0,
            "id": 10339
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00057000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10340
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10341
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00057000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10342
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10343
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10344
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10345
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10346
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10347
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10348
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguiemj.ttf"
              }
            ],
            "repeated": 0,
            "id": 10349
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x001fa000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10350
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10351
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10352
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10353
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10354
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x001fa000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10355
          },
          {
            "timestamp": "2026-06-28 21:56:17,354",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10356
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10357
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10358
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10359
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10360
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10361
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguihis.ttf"
              }
            ],
            "repeated": 0,
            "id": 10362
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00156000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10363
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10364
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10365
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10366
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10367
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ae8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10368
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00156000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10369
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10370
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10371
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10372
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10373
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10374
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10375
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              }
            ],
            "repeated": 0,
            "id": 10376
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00258000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10377
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10378
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10379
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10380
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10381
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10382
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00258000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10383
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10384
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10385
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10386
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10387
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10388
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10389
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              }
            ],
            "repeated": 0,
            "id": 10390
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x0115f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10391
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10392
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10393
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10394
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10395
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10396
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10397
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aeb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10398
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0115f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10399
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10400
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10401
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10402
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10403
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10404
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10405
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsun.ttc"
              }
            ],
            "repeated": 0,
            "id": 10406
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x0115f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10407
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10408
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10409
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10410
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10411
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aec000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10412
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x0115f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10413
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10414
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10415
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10416
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10417
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10418
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10419
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\simsunb.ttf"
              }
            ],
            "repeated": 0,
            "id": 10420
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x01047000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10421
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10422
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10423
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10424
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10425
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10426
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10427
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x01047000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10428
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10429
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10430
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10431
          },
          {
            "timestamp": "2026-06-28 21:56:17,370",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10432
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10433
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10434
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 10435
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10436
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10437
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10438
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10439
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10440
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10441
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10442
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10443
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10444
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10445
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10446
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10447
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10448
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10449
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10450
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 10451
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10452
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10453
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10454
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10455
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10456
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09aef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10457
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10458
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10459
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10460
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10461
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10462
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10463
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10464
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 10465
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10466
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10467
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10468
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10469
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10470
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09af1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10471
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10472
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10473
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10474
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10475
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10476
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10477
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10478
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 10479
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10480
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10481
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10482
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10483
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00042000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10484
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10485
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09af2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10486
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10487
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10488
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10489
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10490
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10491
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10492
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10493
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 10494
          },
          {
            "timestamp": "2026-06-28 21:56:17,385",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10495
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10496
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10497
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00043000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10498
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10499
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10500
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09af4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10501
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10502
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10503
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10504
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10505
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10506
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10507
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10508
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 10509
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10510
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10511
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10512
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10513
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10514
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09af5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10515
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10516
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10517
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10518
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10519
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10520
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10521
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10522
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 10523
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10524
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10525
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10526
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10527
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10528
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09af7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10529
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10530
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10531
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10532
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10533
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10534
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10535
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10536
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 10537
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10538
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10539
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10540
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10541
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10542
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09af8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10543
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10544
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10545
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10546
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10547
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10548
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10549
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10550
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 10551
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10552
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10553
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10554
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10555
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10556
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09afa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10557
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10558
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10559
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10560
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10561
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10562
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10563
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10564
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004dc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 10565
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10566
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10567
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10568
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10569
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10570
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09afb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10571
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10572
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 10573
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10574
          },
          {
            "timestamp": "2026-06-28 21:56:17,401",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10575
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10576
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10577
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10578
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 10579
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10580
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10581
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10582
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10583
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10584
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09afd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10585
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10586
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10587
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10588
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10589
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10590
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10591
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10592
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 10593
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10594
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10595
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10596
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10597
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10598
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09afe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10599
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10600
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10601
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10602
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10603
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10604
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10605
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10606
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 10607
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10608
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10609
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10610
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10611
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10612
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10613
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10614
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10615
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10616
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10617
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10618
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10619
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10620
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 10621
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10622
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10623
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10624
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10625
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10626
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10627
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00043000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10628
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10629
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10630
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10631
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10632
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10633
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10634
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10635
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 10636
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10637
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10638
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10639
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ce2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00044000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10640
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10641
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10642
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10643
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10644
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10645
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10646
          },
          {
            "timestamp": "2026-06-28 21:56:17,417",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10647
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10648
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10649
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10650
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 10651
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10652
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10653
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10654
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10655
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10656
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b04000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10657
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10658
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10659
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10660
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10661
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10662
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10663
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10664
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 10665
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10666
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10667
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10668
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10669
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10670
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b06000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10671
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10672
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10673
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10674
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10675
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10676
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10677
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10678
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 10679
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10680
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10681
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10682
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10683
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10684
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b07000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10685
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10686
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10687
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10688
          },
          {
            "timestamp": "2026-06-28 21:56:17,432",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10689
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10690
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10691
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10692
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 10693
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10694
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10695
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10696
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10697
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10698
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10699
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10700
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10701
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10702
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10703
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10704
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10705
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10706
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 10707
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10708
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10709
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10710
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10711
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10712
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b0a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10713
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10714
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10715
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10716
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10717
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10718
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10719
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10720
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\Sitka.ttc"
              }
            ],
            "repeated": 0,
            "id": 10721
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e7000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10722
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10723
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10724
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10725
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10726
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10727
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e7000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10728
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10729
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10730
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10731
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10732
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10733
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10734
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaI.ttc"
              }
            ],
            "repeated": 0,
            "id": 10735
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f2000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10736
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10737
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10738
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10739
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10740
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b0d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10741
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f2000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10742
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10743
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10744
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10745
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10746
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10747
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10748
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaB.ttc"
              }
            ],
            "repeated": 0,
            "id": 10749
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000e5000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10750
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10751
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10752
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10753
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10754
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10755
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e5000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10756
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10757
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10758
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10759
          },
          {
            "timestamp": "2026-06-28 21:56:17,448",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10760
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10761
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10762
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SitkaZ.ttc"
              }
            ],
            "repeated": 0,
            "id": 10763
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x000f0000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10764
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10765
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10766
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10767
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10768
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10769
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000f0000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10770
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10771
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10772
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10773
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10774
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10775
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10776
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\sylfaen.ttf"
              }
            ],
            "repeated": 0,
            "id": 10777
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10778
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10779
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10780
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10781
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10782
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10783
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10784
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10785
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10786
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10787
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10788
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10789
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10790
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\symbol.ttf"
              }
            ],
            "repeated": 0,
            "id": 10791
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10792
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10793
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10794
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10795
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10796
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10797
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10798
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b12000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10799
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10800
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 10801
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10802
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10803
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10804
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10805
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10806
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahoma.ttf"
              }
            ],
            "repeated": 0,
            "id": 10807
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000e6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10808
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10809
          },
          {
            "timestamp": "2026-06-28 21:56:17,464",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10810
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10811
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10812
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10813
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b13000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10814
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10815
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10816
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10817
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10818
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10819
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10820
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10821
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\tahomabd.ttf"
              }
            ],
            "repeated": 0,
            "id": 10822
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000d4000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10823
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10824
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10825
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10826
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10827
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b15000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10828
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d4000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10829
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10830
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10831
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10832
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10833
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10834
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10835
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              }
            ],
            "repeated": 0,
            "id": 10836
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00124000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10837
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10838
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10839
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10840
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10841
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10842
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00124000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10843
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10844
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10845
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10846
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10847
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10848
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10849
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesi.ttf"
              }
            ],
            "repeated": 0,
            "id": 10850
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000e6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10851
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10852
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10853
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10854
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10855
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10856
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09671000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10857
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10858
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10859
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10860
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000e6000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10861
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10862
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10863
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10864
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10865
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10866
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10867
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 10868
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00120000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10869
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10870
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10871
          },
          {
            "timestamp": "2026-06-28 21:56:17,479",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10872
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10873
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10874
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00120000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10875
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10876
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10877
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10878
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10879
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10880
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10881
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\timesbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 10882
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x000d8000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10883
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10884
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10885
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10886
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10887
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10888
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10889
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x000d8000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10890
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10891
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10892
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10893
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10894
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10895
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10896
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebuc.ttf"
              }
            ],
            "repeated": 0,
            "id": 10897
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10898
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10899
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10900
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10901
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10902
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10903
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10904
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b1f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10905
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10906
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10907
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10908
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10909
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10910
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10911
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10912
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucit.ttf"
              }
            ],
            "repeated": 0,
            "id": 10913
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10914
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10915
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10916
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10917
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10918
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10919
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10920
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10921
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10922
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10923
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10924
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10925
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10926
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10927
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbd.ttf"
              }
            ],
            "repeated": 0,
            "id": 10928
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10929
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10930
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10931
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10932
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10933
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10934
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10935
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10936
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10937
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10938
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10939
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10940
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10941
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\trebucbi.ttf"
              }
            ],
            "repeated": 0,
            "id": 10942
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00038000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10943
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10944
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10945
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10946
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10947
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10948
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b23000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10949
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00038000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10950
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10951
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10952
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10953
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10954
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10955
          },
          {
            "timestamp": "2026-06-28 21:56:17,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10956
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdana.ttf"
              }
            ],
            "repeated": 0,
            "id": 10957
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0003c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10958
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10959
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10960
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10961
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10962
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10963
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b25000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10964
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0003c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10965
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10966
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10967
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10968
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10969
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10970
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10971
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanai.ttf"
              }
            ],
            "repeated": 0,
            "id": 10972
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00037000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10973
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10974
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10975
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10976
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10977
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10978
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10979
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10980
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10981
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x00100000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10982
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09760000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10983
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10984
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10985
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 10986
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10987
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanab.ttf"
              }
            ],
            "repeated": 0,
            "id": 10988
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00034000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10989
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 10990
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10991
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 10992
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 10993
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10994
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00034000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 10995
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 10996
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 10997
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 10998
          },
          {
            "timestamp": "2026-06-28 21:56:17,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 10999
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11000
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11001
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\verdanaz.ttf"
              }
            ],
            "repeated": 0,
            "id": 11002
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11003
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11004
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11005
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11006
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11007
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11008
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11009
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11010
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11011
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11012
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11013
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11014
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11015
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\webdings.ttf"
              }
            ],
            "repeated": 0,
            "id": 11016
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11017
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11018
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11019
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11020
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11021
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b29000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11022
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11023
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11024
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11025
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11026
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11027
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11028
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11029
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\wingding.ttf"
              }
            ],
            "repeated": 0,
            "id": 11030
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11031
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11032
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11033
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11034
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11035
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b2a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11036
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11037
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11038
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11039
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11040
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11041
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11042
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11043
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              }
            ],
            "repeated": 0,
            "id": 11044
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00d0b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11045
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11046
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11047
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11048
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11049
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11050
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11051
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b2c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11052
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11053
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d0b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11054
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11055
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11056
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11057
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11058
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11059
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11060
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              }
            ],
            "repeated": 0,
            "id": 11061
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00d1c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11062
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11063
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11064
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11065
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09736000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11066
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11067
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11068
          },
          {
            "timestamp": "2026-06-28 21:56:17,526",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11069
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11070
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11071
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11072
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11073
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d1c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11074
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11075
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11076
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11077
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11078
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11079
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11080
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              }
            ],
            "repeated": 0,
            "id": 11081
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00d2b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11082
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11083
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11084
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11085
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11086
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11087
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11088
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11089
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11090
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d2b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11091
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11092
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11093
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11094
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11095
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11096
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11097
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              }
            ],
            "repeated": 0,
            "id": 11098
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00dda000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11099
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11100
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11101
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11102
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11103
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11104
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11105
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b33000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11106
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11107
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dda000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11108
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11109
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11110
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11111
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11112
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11113
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11114
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothM.ttc"
              }
            ],
            "repeated": 0,
            "id": 11115
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00d1c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11116
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11117
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11118
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11119
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11120
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11121
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11122
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b35000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11123
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11124
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d1c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11125
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11126
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11127
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11128
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11129
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11130
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11131
          },
          {
            "timestamp": "2026-06-28 21:56:17,542",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothR.ttc"
              }
            ],
            "repeated": 0,
            "id": 11132
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00d0b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11133
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11134
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11135
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11136
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11137
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11138
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b38000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11139
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11140
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d0b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11141
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11142
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11143
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11144
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11145
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11146
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11147
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothL.ttc"
              }
            ],
            "repeated": 0,
            "id": 11148
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00d2b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11149
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11150
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11151
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11152
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11153
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11154
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11155
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11156
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11157
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00d2b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11158
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11159
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11160
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11161
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11162
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11163
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11164
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              }
            ],
            "repeated": 0,
            "id": 11165
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00dda000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11166
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11167
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11168
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11169
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11170
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11171
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11172
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11173
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11174
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dda000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11175
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11176
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11177
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11178
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11179
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11180
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11181
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\YuGothB.ttc"
              }
            ],
            "repeated": 0,
            "id": 11182
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dab8"
              },
              {
                "name": "ViewSize",
                "value": "0x00dda000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11183
          },
          {
            "timestamp": "2026-06-28 21:56:17,557",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11184
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11185
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11186
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11187
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11188
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11189
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09689000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11190
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00dda000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11191
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11192
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11193
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11194
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\PROGRAM FILES\\COMMON FILES\\MICROSOFT SHARED\\EQUATION\\MTEXTRA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11195
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11196
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11197
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF"
              }
            ],
            "repeated": 0,
            "id": 11198
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00002000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11199
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11200
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11201
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11202
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11203
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11204
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11205
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11206
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11207
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11208
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11209
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11210
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTURY.TTF"
              }
            ],
            "repeated": 0,
            "id": 11211
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11212
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11213
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11214
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11215
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11216
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11217
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b41000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11218
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00029000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11219
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11220
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11221
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11222
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11223
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11224
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11225
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWAD.TTF"
              }
            ],
            "repeated": 0,
            "id": 11226
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004dc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11227
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11228
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11229
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11230
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11231
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11232
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11233
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b43000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11234
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11235
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004dc"
              }
            ],
            "repeated": 0,
            "id": 11236
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11237
          },
          {
            "timestamp": "2026-06-28 21:56:17,573",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11238
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11239
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11240
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11241
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LEELAWDB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11242
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11243
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11244
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11245
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09696000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11246
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11247
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11248
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11249
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b44000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11250
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11251
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11252
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11253
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11254
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11255
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11256
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11257
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUR.TTF"
              }
            ],
            "repeated": 0,
            "id": 11258
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00037000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11259
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11260
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11261
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11262
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11263
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11264
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00037000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11265
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11266
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11267
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11268
          },
          {
            "timestamp": "2026-06-28 21:56:17,589",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11269
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11270
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11271
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MSUIGHUB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11272
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00039000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11273
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11274
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11275
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11276
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11277
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b46000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11278
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00039000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11279
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11280
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11281
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11282
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11283
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11284
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11285
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG2.TTF"
              }
            ],
            "repeated": 0,
            "id": 11286
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11287
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11288
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11289
          },
          {
            "timestamp": "2026-06-28 21:56:17,604",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11290
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11291
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11292
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11293
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11294
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11295
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11296
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11297
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\WINGDNG3.TTF"
              }
            ],
            "repeated": 0,
            "id": 11298
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00009000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11299
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11300
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11301
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11302
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11303
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11304
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11305
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11306
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11307
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11308
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11309
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11310
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11311
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TEMPSITC.TTF"
              }
            ],
            "repeated": 0,
            "id": 11312
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11313
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11314
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11315
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11316
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11317
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11318
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11319
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11320
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11321
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11322
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11323
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11324
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11325
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11326
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PRISTINA.TTF"
              }
            ],
            "repeated": 0,
            "id": 11327
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11328
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11329
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11330
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11331
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11332
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11333
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11334
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11335
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11336
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11337
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11338
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11339
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11340
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11341
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11342
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PAPYRUS.TTF"
              }
            ],
            "repeated": 0,
            "id": 11343
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11344
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11345
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11346
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11347
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11348
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11349
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11350
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11351
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11352
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11353
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11354
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11355
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11356
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MISTRAL.TTF"
              }
            ],
            "repeated": 0,
            "id": 11357
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11358
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11359
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11360
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11361
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11362
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11363
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11364
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11365
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11366
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11367
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11368
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11369
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11370
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11371
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11372
          },
          {
            "timestamp": "2026-06-28 21:56:17,620",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LHANDW.TTF"
              }
            ],
            "repeated": 0,
            "id": 11373
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11374
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11375
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11376
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11377
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11378
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11379
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11380
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11381
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11382
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11383
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11384
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11385
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11386
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCKRIST.TTF"
              }
            ],
            "repeated": 0,
            "id": 11387
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11388
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11389
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11390
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11391
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11392
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11393
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11394
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11395
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11396
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11397
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11398
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11399
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11400
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11401
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11402
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JUICE___.TTF"
              }
            ],
            "repeated": 0,
            "id": 11403
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11404
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11405
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11406
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11407
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11408
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11409
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11410
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11411
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11412
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11413
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11414
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11415
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11416
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRSCRIPT.TTF"
              }
            ],
            "repeated": 0,
            "id": 11417
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11418
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11419
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11420
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11421
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11422
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11423
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11424
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11425
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11426
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11427
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11428
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11429
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11430
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11431
          },
          {
            "timestamp": "2026-06-28 21:56:17,635",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11432
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FREESCPT.TTF"
              }
            ],
            "repeated": 0,
            "id": 11433
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11434
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11435
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11436
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11437
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11438
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11439
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11440
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b4d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11441
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11442
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11443
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11444
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09764000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11445
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11446
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11447
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11448
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11449
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRADHITC.TTF"
              }
            ],
            "repeated": 0,
            "id": 11450
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11451
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11452
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11453
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11454
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11455
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11456
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11457
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11458
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11459
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11460
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11461
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11462
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11463
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OUTLOOK.TTF"
              }
            ],
            "repeated": 0,
            "id": 11464
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11465
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11466
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11467
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11468
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11469
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11470
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b4e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11471
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11472
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11473
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11474
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11475
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11476
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11477
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11478
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BKANT.TTF"
              }
            ],
            "repeated": 0,
            "id": 11479
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11480
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11481
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11482
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11483
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11484
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11485
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b4f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11486
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11487
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11488
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11489
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11490
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11491
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11492
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11493
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11494
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11495
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11496
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11497
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11498
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11499
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11500
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11501
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11502
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11503
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11504
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11505
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11506
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11507
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11508
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11509
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11510
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11511
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUAB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11512
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11513
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11514
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11515
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11516
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11517
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11518
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11519
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11520
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11521
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11522
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11523
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11524
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11525
          },
          {
            "timestamp": "2026-06-28 21:56:17,651",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11526
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11527
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11528
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ANTQUABI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11529
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11530
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11531
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11532
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11533
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11534
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11535
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11536
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11537
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11538
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11539
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11540
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11541
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11542
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11543
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11544
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11545
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARA.TTF"
              }
            ],
            "repeated": 0,
            "id": 11546
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00031000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11547
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11548
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11549
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11550
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11551
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11552
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11553
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11554
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11555
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b57000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11556
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00031000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11557
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11558
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11559
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11560
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11561
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11562
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11563
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARAIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 11564
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11565
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11566
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11567
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11568
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11569
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11570
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11571
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11572
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11573
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11574
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11575
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11576
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11577
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11578
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11579
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11580
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11581
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GARABD.TTF"
              }
            ],
            "repeated": 0,
            "id": 11582
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00031000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11583
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11584
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11585
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11586
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11587
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11588
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11589
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11590
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b5a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11591
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00031000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11592
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11593
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11594
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11595
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11596
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11597
          },
          {
            "timestamp": "2026-06-28 21:56:17,667",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11598
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MTCORSVA.TTF"
              }
            ],
            "repeated": 0,
            "id": 11599
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00027000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11600
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11601
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11602
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11603
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11604
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11605
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11606
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b5c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11607
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00027000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11608
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11609
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11610
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11611
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11612
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11613
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11614
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHIC.TTF"
              }
            ],
            "repeated": 0,
            "id": 11615
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00022000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11616
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11617
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11618
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11619
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11620
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11621
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11622
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11623
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b5e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11624
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11625
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11626
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11627
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11628
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11629
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11630
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11631
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11632
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11633
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11634
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11635
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11636
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11637
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11638
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11639
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11640
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11641
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11642
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11643
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11644
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11645
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11646
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11647
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11648
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11649
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00020000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11650
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11651
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11652
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11653
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11654
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11655
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11656
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b62000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11657
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00020000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11658
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11659
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11660
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11661
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11662
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11663
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11664
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOTHICBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11665
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00022000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11666
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11667
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11668
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11669
          },
          {
            "timestamp": "2026-06-28 21:56:17,682",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11670
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11671
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11672
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11673
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11674
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00022000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11675
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11676
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11677
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11678
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11679
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11680
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11681
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ALGER.TTF"
              }
            ],
            "repeated": 0,
            "id": 11682
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004f0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11683
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11684
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11685
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11686
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11687
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11688
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11689
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11690
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004f0"
              }
            ],
            "repeated": 0,
            "id": 11691
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11692
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11693
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11694
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11695
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11696
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BASKVILL.TTF"
              }
            ],
            "repeated": 0,
            "id": 11697
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11698
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11699
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11700
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11701
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11702
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11703
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11704
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11705
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b66000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11706
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11707
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11708
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11709
          },
          {
            "timestamp": "2026-06-28 21:56:17,698",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11710
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11711
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11712
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11713
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BAUHS93.TTF"
              }
            ],
            "repeated": 0,
            "id": 11714
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11715
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11716
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11717
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11718
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11719
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11720
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11721
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11722
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11723
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11724
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11725
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11726
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11727
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELL.TTF"
              }
            ],
            "repeated": 0,
            "id": 11728
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11729
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11730
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11731
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11732
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11733
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11734
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11735
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b67000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11736
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11737
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11738
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11739
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11740
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11741
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11742
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11743
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11744
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11745
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11746
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11747
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11748
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11749
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11750
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11751
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11752
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11753
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11754
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11755
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11756
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11757
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11758
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11759
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BELLB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11760
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11761
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11762
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11763
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11764
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11765
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11766
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11767
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11768
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11769
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11770
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11771
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11772
          },
          {
            "timestamp": "2026-06-28 21:56:17,714",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11773
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11774
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11775
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSR.TTF"
              }
            ],
            "repeated": 0,
            "id": 11776
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11777
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11778
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11779
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11780
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11781
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11782
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11783
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11784
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11785
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11786
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11787
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11788
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11789
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSDB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11790
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11791
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11792
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11793
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11794
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11795
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11796
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11797
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11798
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11799
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11800
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11801
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11802
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11803
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11804
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11805
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRLNSB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11806
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11807
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11808
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11809
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11810
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11811
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11812
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11813
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11814
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11815
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11816
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11817
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11818
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11819
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11820
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11821
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BERNHC.TTF"
              }
            ],
            "repeated": 0,
            "id": 11822
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11823
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11824
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11825
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11826
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11827
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11828
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11829
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11830
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11831
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11832
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11833
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11834
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11835
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_PSTC.TTF"
              }
            ],
            "repeated": 0,
            "id": 11836
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11837
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11838
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11839
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11840
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11841
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11842
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11843
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b6d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11844
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11845
          },
          {
            "timestamp": "2026-06-28 21:56:17,729",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 11846
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11847
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11848
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11849
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11850
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11851
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRITANIC.TTF"
              }
            ],
            "repeated": 0,
            "id": 11852
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11853
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11854
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11855
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11856
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11857
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11858
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11859
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11860
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11861
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11862
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11863
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11864
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11865
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BROADW.TTF"
              }
            ],
            "repeated": 0,
            "id": 11866
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11867
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11868
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11869
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11870
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11871
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11872
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11873
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11874
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11875
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11876
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11877
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11878
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11879
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11880
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11881
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BRUSHSCI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11882
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11883
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11884
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11885
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11886
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11887
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11888
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11889
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11890
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11891
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11892
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11893
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11894
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11895
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11896
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11897
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFR.TTF"
              }
            ],
            "repeated": 0,
            "id": 11898
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11899
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11900
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11901
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11902
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11903
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11904
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11905
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b71000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11906
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11907
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11908
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11909
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11910
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11911
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11912
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11913
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFI.TTF"
              }
            ],
            "repeated": 0,
            "id": 11914
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00019000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11915
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11916
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11917
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11918
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11919
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11920
          },
          {
            "timestamp": "2026-06-28 21:56:17,745",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11921
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11922
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11923
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11924
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11925
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11926
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11927
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11928
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11929
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIFB.TTF"
              }
            ],
            "repeated": 0,
            "id": 11930
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11931
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11932
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11933
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11934
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11935
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11936
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11937
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b73000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11938
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11939
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11940
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11941
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11942
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11943
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11944
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11945
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENTAUR.TTF"
              }
            ],
            "repeated": 0,
            "id": 11946
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11947
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11948
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11949
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11950
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11951
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11952
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11953
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b74000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11954
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11955
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11956
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11957
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11958
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11959
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11960
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11961
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CHILLER.TTF"
              }
            ],
            "repeated": 0,
            "id": 11962
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11963
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11964
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11965
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11966
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11967
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11968
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11969
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11970
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11971
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11972
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11973
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11974
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11975
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11976
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COLONNA.TTF"
              }
            ],
            "repeated": 0,
            "id": 11977
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11978
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11979
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11980
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11981
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11982
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11983
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 11984
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b75000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11985
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 11986
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 11987
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 11988
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11989
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11990
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 11991
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 11992
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COOPBL.TTF"
              }
            ],
            "repeated": 0,
            "id": 11993
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11994
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 11995
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11996
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11997
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 11998
          },
          {
            "timestamp": "2026-06-28 21:56:17,760",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 11999
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12000
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 12001
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12002
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12003
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12004
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12005
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12006
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FTLTLT.TTF"
              }
            ],
            "repeated": 0,
            "id": 12007
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12008
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12009
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12010
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12011
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12012
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12013
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12014
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b76000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12015
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12016
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 12017
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12018
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12019
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12020
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12021
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12022
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARLOWSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12023
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12024
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12025
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12026
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12027
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12028
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12029
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12030
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 12031
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12032
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12033
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12034
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12035
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12036
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HARNGTON.TTF"
              }
            ],
            "repeated": 0,
            "id": 12037
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12038
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12039
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12040
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12041
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12042
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12043
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12044
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12045
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12046
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 12047
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12048
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12049
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12050
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12051
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12052
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERT.TTF"
              }
            ],
            "repeated": 0,
            "id": 12053
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12054
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12055
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12056
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12057
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12058
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12059
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12060
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12061
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12062
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 12063
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12064
          },
          {
            "timestamp": "2026-06-28 21:56:17,776",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12065
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12066
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12067
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12068
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HTOWERTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12069
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12070
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12071
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12072
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12073
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12074
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12075
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12076
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b79000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12077
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12078
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12079
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12080
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12081
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12082
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12083
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12084
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\JOKERMAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 12085
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12086
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12087
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12088
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12089
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12090
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12091
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12092
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12093
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12094
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12095
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12096
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12097
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12098
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12099
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\KUNSTLER.TTF"
              }
            ],
            "repeated": 0,
            "id": 12100
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12101
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12102
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12103
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12104
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12105
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12106
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12107
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b7a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12108
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12109
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12110
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12111
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12112
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12113
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12114
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12115
          },
          {
            "timestamp": "2026-06-28 21:56:17,792",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITE.TTF"
              }
            ],
            "repeated": 0,
            "id": 12116
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12117
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12118
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12119
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12120
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12121
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12122
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12123
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12124
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12125
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12126
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12127
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12128
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12129
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITED.TTF"
              }
            ],
            "repeated": 0,
            "id": 12130
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12131
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12132
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12133
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12134
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12135
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12136
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12137
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12138
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12139
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12140
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12141
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12142
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12143
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12144
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12145
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12146
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12147
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12148
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12149
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12150
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12151
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12152
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12153
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12154
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12155
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12156
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12157
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12158
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12159
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LBRITEDI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12160
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12161
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12162
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12163
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12164
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12165
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12166
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12167
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12168
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12169
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12170
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12171
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12172
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12173
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LCALLIG.TTF"
              }
            ],
            "repeated": 0,
            "id": 12174
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12175
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12176
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12177
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12178
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12179
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12180
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12181
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b7c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12182
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12183
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12184
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12185
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12186
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12187
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12188
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12189
          },
          {
            "timestamp": "2026-06-28 21:56:17,807",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAX.TTF"
              }
            ],
            "repeated": 0,
            "id": 12190
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12191
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12192
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12193
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12194
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12195
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12196
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12197
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12198
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12199
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12200
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12201
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12202
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12203
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXD.TTF"
              }
            ],
            "repeated": 0,
            "id": 12204
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12205
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12206
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12207
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12208
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12209
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12210
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12211
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12212
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12213
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12214
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12215
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12216
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12217
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12218
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12219
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12220
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12221
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12222
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12223
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12224
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12225
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12226
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12227
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12228
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12229
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12230
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12231
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12232
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12233
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LFAXDI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12234
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12235
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12236
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12237
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12238
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12239
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12240
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12241
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b7e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12242
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12243
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12244
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12245
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12246
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12247
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12248
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12249
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAGNETOB.TTF"
              }
            ],
            "repeated": 0,
            "id": 12250
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12251
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12252
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12253
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12254
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12255
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12256
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12257
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12258
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12259
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12260
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12261
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12262
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12263
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12264
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12265
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MATURASC.TTF"
              }
            ],
            "repeated": 0,
            "id": 12266
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12267
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12268
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12269
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12270
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12271
          },
          {
            "timestamp": "2026-06-28 21:56:17,823",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12272
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12273
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12274
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12275
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12276
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12277
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12278
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12279
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12280
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12281
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12282
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MOD20.TTF"
              }
            ],
            "repeated": 0,
            "id": 12283
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12284
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12285
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12286
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12287
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12288
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12289
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12290
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12291
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12292
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12293
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12294
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12295
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12296
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGENG.TTF"
              }
            ],
            "repeated": 0,
            "id": 12297
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00018000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12298
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12299
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12300
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12301
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12302
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12303
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12304
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12305
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12306
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12307
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12308
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12309
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12310
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12311
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12312
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\NIAGSOL.TTF"
              }
            ],
            "repeated": 0,
            "id": 12313
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12314
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12315
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12316
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12317
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12318
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12319
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12320
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b82000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12321
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12322
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12323
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12324
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12325
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12326
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12327
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12328
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OLDENGL.TTF"
              }
            ],
            "repeated": 0,
            "id": 12329
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00017000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12330
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12331
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12332
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12333
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12334
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09687000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12335
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12336
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12337
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12338
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b83000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12339
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12340
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12341
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12342
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12343
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12344
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12345
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12346
          },
          {
            "timestamp": "2026-06-28 21:56:17,839",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ONYX.TTF"
              }
            ],
            "repeated": 0,
            "id": 12347
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12348
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12349
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12350
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12351
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12352
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12353
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12354
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12355
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12356
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12357
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12358
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12359
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12360
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12361
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12362
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PARCHM.TTF"
              }
            ],
            "repeated": 0,
            "id": 12363
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12364
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12365
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12366
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12367
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12368
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12369
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12370
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b84000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12371
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00025000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12372
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12373
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12374
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12375
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12376
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12377
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12378
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PLAYBILL.TTF"
              }
            ],
            "repeated": 0,
            "id": 12379
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12380
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12381
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12382
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12383
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12384
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12385
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12386
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12387
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12388
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12389
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12390
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12391
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12392
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\POORICH.TTF"
              }
            ],
            "repeated": 0,
            "id": 12393
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12394
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12395
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12396
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12397
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12398
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12399
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12400
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12401
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12402
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12403
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12404
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12405
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12406
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12407
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12408
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12409
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12410
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12411
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ec"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAVIE.TTF"
              }
            ],
            "repeated": 0,
            "id": 12412
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12413
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12414
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12415
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12416
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12417
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12418
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12419
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b86000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12420
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12421
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e8"
              }
            ],
            "repeated": 0,
            "id": 12422
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12423
          },
          {
            "timestamp": "2026-06-28 21:56:17,854",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12424
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12425
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12426
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12427
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\INFROMAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 12428
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12429
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12430
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12431
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12432
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12433
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12434
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12435
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ec"
              }
            ],
            "repeated": 0,
            "id": 12436
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e4"
              }
            ],
            "repeated": 0,
            "id": 12437
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12438
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12439
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12440
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12441
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SHOWG.TTF"
              }
            ],
            "repeated": 0,
            "id": 12442
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12443
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12444
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12445
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12446
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12447
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12448
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12449
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b87000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12450
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12451
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 12452
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12453
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12454
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12455
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12456
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12457
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SNAP____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12458
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12459
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12460
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12461
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12462
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12463
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12464
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12465
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12466
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12467
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 12468
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12469
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12470
          },
          {
            "timestamp": "2026-06-28 21:56:17,870",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12471
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12472
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12473
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\STENCIL.TTF"
              }
            ],
            "repeated": 0,
            "id": 12474
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12475
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12476
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12477
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12478
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12479
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12480
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12481
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004b4"
              }
            ],
            "repeated": 0,
            "id": 12482
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12483
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09767000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12484
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12485
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12486
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12487
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12488
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VINERITC.TTF"
              }
            ],
            "repeated": 0,
            "id": 12489
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12490
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12491
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12492
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12493
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12494
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12495
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12496
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b89000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12497
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12498
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12499
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12500
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12501
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12502
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12503
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12504
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VIVALDII.TTF"
              }
            ],
            "repeated": 0,
            "id": 12505
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12506
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12507
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12508
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12509
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12510
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12511
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12512
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b8a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12513
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12514
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12515
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12516
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12517
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12518
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12519
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12520
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\VLADIMIR.TTF"
              }
            ],
            "repeated": 0,
            "id": 12521
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12522
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12523
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12524
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12525
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12526
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12527
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12528
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12529
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12530
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12531
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12532
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12533
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12534
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LATINWD.TTF"
              }
            ],
            "repeated": 0,
            "id": 12535
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12536
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12537
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12538
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12539
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12540
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12541
          },
          {
            "timestamp": "2026-06-28 21:56:17,885",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12542
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b8b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12543
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12544
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12545
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12546
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12547
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12548
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12549
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12550
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCM_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12551
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12552
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12553
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12554
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12555
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12556
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12557
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12558
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12559
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12560
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b8c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12561
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12562
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12563
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12564
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12565
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12566
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12567
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12568
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCMI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12569
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12570
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12571
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12572
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12573
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12574
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12575
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12576
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b8d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12577
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12578
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12579
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12580
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12581
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12582
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12583
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12584
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCB_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12585
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12586
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12587
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12588
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12589
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12590
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12591
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12592
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b8e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12593
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12594
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12595
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12596
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12597
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12598
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12599
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12600
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCBI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12601
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12602
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12603
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12604
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12605
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12606
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12607
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12608
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b8f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12609
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12610
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12611
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12612
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12613
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12614
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12615
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12616
          },
          {
            "timestamp": "2026-06-28 21:56:17,901",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCM____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12617
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12618
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12619
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12620
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12621
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12622
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12623
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12624
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b91000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12625
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12626
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12627
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12628
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12629
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12630
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12631
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12632
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCB____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12633
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12634
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12635
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12636
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12637
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12638
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12639
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12640
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12641
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12642
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12643
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12644
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12645
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12646
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12647
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12648
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\TCCEB.TTF"
              }
            ],
            "repeated": 0,
            "id": 12649
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12650
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12651
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12652
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12653
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12654
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12655
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12656
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b93000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12657
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12658
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12659
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12660
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12661
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12662
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12663
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12664
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCRIPTBL.TTF"
              }
            ],
            "repeated": 0,
            "id": 12665
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12666
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12667
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12668
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12669
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12670
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12671
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12672
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12673
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12674
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12675
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12676
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12677
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12678
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12679
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12680
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCK.TTF"
              }
            ],
            "repeated": 0,
            "id": 12681
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12682
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12683
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12684
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12685
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12686
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12687
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12688
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b95000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12689
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12690
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12691
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12692
          },
          {
            "timestamp": "2026-06-28 21:56:17,917",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12693
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12694
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12695
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12696
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12697
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12698
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12699
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12700
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12701
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12702
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12703
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12704
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12705
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12706
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12707
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12708
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12709
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12710
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12711
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12712
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKB.TTF"
              }
            ],
            "repeated": 0,
            "id": 12713
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12714
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12715
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12716
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12717
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12718
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12719
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12720
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b97000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12721
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12722
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12723
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12724
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12725
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12726
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12727
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12728
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKEB.TTF"
              }
            ],
            "repeated": 0,
            "id": 12729
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12730
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12731
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12732
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12733
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12734
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12735
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12736
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12737
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12738
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12739
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12740
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12741
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12742
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12743
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12744
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCKBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12745
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12746
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12747
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12748
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12749
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12750
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12751
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12752
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b99000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12753
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12754
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12755
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12756
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12757
          },
          {
            "timestamp": "2026-06-28 21:56:17,932",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12758
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12759
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12760
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCC____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12761
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12762
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12763
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12764
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12765
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12766
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12767
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12768
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12769
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12770
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12771
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 12772
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12773
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12774
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12775
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12776
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12777
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ROCCB___.TTF"
              }
            ],
            "repeated": 0,
            "id": 12778
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12779
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12780
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12781
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12782
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12783
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12784
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12785
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12786
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b9b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12787
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12788
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12789
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12790
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12791
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12792
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12793
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12794
          },
          {
            "timestamp": "2026-06-28 21:56:17,948",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\RAGE.TTF"
              }
            ],
            "repeated": 0,
            "id": 12795
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12796
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12797
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12798
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12799
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12800
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12801
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12802
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12803
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b9d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12804
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12805
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12806
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12807
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12808
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12809
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12810
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12811
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTILI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12812
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12813
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12814
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12815
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12816
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12817
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12818
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12819
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12820
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12821
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12822
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12823
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12824
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12825
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12826
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12827
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12828
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERTIBD.TTF"
              }
            ],
            "repeated": 0,
            "id": 12829
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12830
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12831
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12832
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12833
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12834
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12835
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12836
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12837
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12838
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12839
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09b9f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12840
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12841
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12842
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12843
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12844
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12845
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12846
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12847
          },
          {
            "timestamp": "2026-06-28 21:56:17,964",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PER_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12848
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12849
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12850
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12851
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12852
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12853
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12854
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12855
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12856
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12857
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12858
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12859
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12860
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12861
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12862
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12863
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12864
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12865
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12866
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12867
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12868
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12869
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12870
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12871
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12872
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12873
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12874
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12875
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12876
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12877
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12878
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12879
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERB____.TTF"
              }
            ],
            "repeated": 0,
            "id": 12880
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12881
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12882
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12883
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12884
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12885
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12886
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12887
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12888
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12889
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12890
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12891
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12892
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12893
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12894
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12895
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PERBI___.TTF"
              }
            ],
            "repeated": 0,
            "id": 12896
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12897
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12898
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12899
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12900
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12901
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12902
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12903
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12904
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12905
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12906
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12907
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12908
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12909
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12910
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12911
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\PALSCRI.TTF"
              }
            ],
            "repeated": 0,
            "id": 12912
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12913
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12914
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12915
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12916
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12917
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12918
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12919
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12920
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12921
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12922
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12923
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12924
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12925
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12926
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12927
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\OCRAEXT.TTF"
              }
            ],
            "repeated": 0,
            "id": 12928
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12929
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12930
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12931
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12932
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12933
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12934
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12935
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12936
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12937
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12938
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12939
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12940
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12941
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12942
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12943
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\MAIAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 12944
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12945
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12946
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12947
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12948
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12949
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12950
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12951
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12952
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12953
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12954
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12955
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12956
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12957
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12958
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12959
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPE.TTF"
              }
            ],
            "repeated": 0,
            "id": 12960
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12961
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12962
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12963
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12964
          },
          {
            "timestamp": "2026-06-28 21:56:17,979",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12965
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12966
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12967
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12968
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12969
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12970
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12971
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12972
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12973
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEO.TTF"
              }
            ],
            "repeated": 0,
            "id": 12974
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12975
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12976
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12977
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12978
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12979
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12980
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12981
          },
          {
            "timestamp": "2026-06-28 21:56:17,995",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12982
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12983
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 12984
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 12985
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12986
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12987
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 12988
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 12989
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEB.TTF"
              }
            ],
            "repeated": 0,
            "id": 12990
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12991
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 12992
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12993
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12994
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 12995
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12996
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 12997
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 12998
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 12999
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13000
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13001
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13002
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13003
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13004
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13005
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LTYPEBO.TTF"
              }
            ],
            "repeated": 0,
            "id": 13006
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13007
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13008
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13009
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13010
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13011
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13012
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13013
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13014
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13015
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13016
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13017
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13018
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13019
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANS.TTF"
              }
            ],
            "repeated": 0,
            "id": 13020
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13021
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13022
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13023
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13024
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13025
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13026
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13027
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09ba9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13028
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13029
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13030
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13031
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13032
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13033
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13034
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13035
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSD.TTF"
              }
            ],
            "repeated": 0,
            "id": 13036
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13037
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13038
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13039
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13040
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13041
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13042
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13043
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13044
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13045
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13046
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13047
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13048
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13049
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13050
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13051
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13052
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13053
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13054
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13055
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13056
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13057
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09baa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13058
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13059
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 13060
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13061
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13062
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13063
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13064
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13065
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\LSANSDI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13066
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13067
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13068
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13069
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13070
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13071
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13072
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13073
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bab000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13074
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13075
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 13076
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13077
          },
          {
            "timestamp": "2026-06-28 21:56:18,010",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13078
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13079
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13080
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13081
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\IMPRISHA.TTF"
              }
            ],
            "repeated": 0,
            "id": 13082
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13083
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13084
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13085
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13086
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13087
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13088
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13089
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13090
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13091
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13092
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13093
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13094
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13095
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\HATTEN.TTF"
              }
            ],
            "repeated": 0,
            "id": 13096
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0001b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13097
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13098
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13099
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13100
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13101
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13102
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13103
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13104
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13105
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13106
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13107
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13108
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13109
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13110
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13111
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDYSTO.TTF"
              }
            ],
            "repeated": 0,
            "id": 13112
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13113
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13114
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13115
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13116
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13117
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13118
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13119
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bad000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13120
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13121
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13122
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13123
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13124
          },
          {
            "timestamp": "2026-06-28 21:56:18,026",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13125
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13126
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13127
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOS.TTF"
              }
            ],
            "repeated": 0,
            "id": 13128
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13129
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13130
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13131
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13132
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13133
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13134
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13135
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13136
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13137
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0976a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13138
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13139
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13140
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13141
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13142
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13143
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13144
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13145
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13146
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13147
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13148
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13149
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13150
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bae000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13151
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13152
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13153
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13154
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13155
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13156
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13157
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13158
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GOUDOSB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13159
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13160
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13161
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13162
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13163
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13164
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13165
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13166
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09baf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13167
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13168
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13169
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13170
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13171
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13172
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13173
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13174
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLECB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13175
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13176
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13177
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13178
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13179
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13180
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13181
          },
          {
            "timestamp": "2026-06-28 21:56:18,042",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13182
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13183
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13184
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13185
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13186
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13187
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13188
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13189
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILSANUB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13190
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13191
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13192
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13193
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13194
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13195
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13196
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13197
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13198
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13199
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13200
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13201
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13202
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13203
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13204
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13205
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13206
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILLUBCD.TTF"
              }
            ],
            "repeated": 0,
            "id": 13207
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13208
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13209
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13210
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13211
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13212
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13213
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13214
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13215
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13216
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13217
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13218
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13219
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13220
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13221
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13222
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIL_____.TTF"
              }
            ],
            "repeated": 0,
            "id": 13223
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13224
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13225
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13226
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13227
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13228
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13229
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13230
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13231
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13232
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13233
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13234
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13235
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13236
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13237
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13238
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13239
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILI____.TTF"
              }
            ],
            "repeated": 0,
            "id": 13240
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13241
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13242
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13243
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13244
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13245
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13246
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13247
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13248
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13249
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13250
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13251
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13252
          },
          {
            "timestamp": "2026-06-28 21:56:18,057",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13253
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13254
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13255
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13256
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004c8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILB____.TTF"
              }
            ],
            "repeated": 0,
            "id": 13257
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13258
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13259
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13260
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13261
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13262
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13263
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13264
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13265
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13266
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13267
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13268
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13269
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 1,
            "id": 13270
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13271
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13272
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13273
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13274
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13275
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILBI___.TTF"
              }
            ],
            "repeated": 0,
            "id": 13276
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13277
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13278
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13279
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13280
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13281
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13282
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13283
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13284
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13285
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13286
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13287
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13288
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13289
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13290
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13291
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GILC____.TTF"
              }
            ],
            "repeated": 0,
            "id": 13292
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13293
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13294
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13295
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13296
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13297
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13298
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13299
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13300
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13301
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13302
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13303
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13304
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13305
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13306
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13307
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GLSNECB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13308
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13309
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13310
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13311
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13312
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13313
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13314
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13315
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bb9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13316
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13317
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13318
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13319
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13320
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13321
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13322
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13323
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\GIGI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13324
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00023000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13325
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13326
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13327
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13328
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13329
          },
          {
            "timestamp": "2026-06-28 21:56:18,073",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13330
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13331
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13332
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13333
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13334
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13335
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13336
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13337
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABK.TTF"
              }
            ],
            "repeated": 0,
            "id": 13338
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13339
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13340
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13341
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13342
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13343
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0968d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13344
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13345
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13346
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bba000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13347
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13348
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13349
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13350
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13351
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13352
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13353
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13354
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FRABKIT.TTF"
              }
            ],
            "repeated": 0,
            "id": 13355
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13356
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13357
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13358
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13359
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13360
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13361
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13362
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bbc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13363
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13364
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13365
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13366
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13367
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13368
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13369
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13370
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FORTE.TTF"
              }
            ],
            "repeated": 0,
            "id": 13371
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13372
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13373
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13374
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13375
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13376
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13377
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13378
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bbd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13379
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13380
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13381
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13382
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13383
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13384
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13385
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13386
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\FELIXTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13387
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13388
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13389
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13390
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13391
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13392
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13393
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13394
          },
          {
            "timestamp": "2026-06-28 21:56:18,089",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13395
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13396
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13397
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13398
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13399
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13400
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASMD.TTF"
              }
            ],
            "repeated": 0,
            "id": 13401
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13402
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13403
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13404
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13405
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13406
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13407
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13408
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13409
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bbe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13410
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13411
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13412
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13413
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13414
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13415
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13416
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13417
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASLGHT.TTF"
              }
            ],
            "repeated": 0,
            "id": 13418
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13419
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13420
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13421
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13422
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13423
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13424
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13425
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13426
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13427
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13428
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13429
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13430
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13431
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13432
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASDEMI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13433
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13434
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13435
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13436
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13437
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13438
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13439
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13440
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bbf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13441
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13442
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13443
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13444
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13445
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13446
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13447
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13448
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ERASBD.TTF"
              }
            ],
            "repeated": 0,
            "id": 13449
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13450
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13451
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13452
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13453
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13454
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13455
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13456
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13457
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13458
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13459
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13460
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13461
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13462
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13463
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13464
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ENGR.TTF"
              }
            ],
            "repeated": 0,
            "id": 13465
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13466
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13467
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13468
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13469
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13470
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13471
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13472
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13473
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13474
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13475
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13476
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13477
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13478
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13479
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13480
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13481
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNT.TTF"
              }
            ],
            "repeated": 0,
            "id": 13482
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13483
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13484
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13485
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13486
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13487
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13488
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13489
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13490
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000d000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13491
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13492
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13493
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13494
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13495
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13496
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13497
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ELEPHNTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13498
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13499
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13500
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13501
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13502
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13503
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13504
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09675000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13505
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13506
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13507
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13508
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13509
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13510
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13511
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13512
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13513
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13514
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13515
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCEDSCR.TTF"
              }
            ],
            "repeated": 0,
            "id": 13516
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13517
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13518
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13519
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13520
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13521
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13522
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13523
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13524
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13525
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13526
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13527
          },
          {
            "timestamp": "2026-06-28 21:56:18,104",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13528
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13529
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13530
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CURLZ___.TTF"
              }
            ],
            "repeated": 0,
            "id": 13531
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13532
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13533
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13534
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13535
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13536
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13537
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13538
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13539
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13540
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13541
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13542
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13543
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13544
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13545
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13546
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTL.TTF"
              }
            ],
            "repeated": 0,
            "id": 13547
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13548
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13549
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13550
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13551
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13552
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13553
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13554
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13555
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13556
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13557
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13558
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13559
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13560
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13561
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13562
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\COPRGTB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13563
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13564
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13565
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13566
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13567
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13568
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13569
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13570
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13571
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13572
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13573
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13574
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13575
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13576
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CENSCBK.TTF"
              }
            ],
            "repeated": 0,
            "id": 13577
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13578
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13579
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13580
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13581
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13582
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13583
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13584
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13585
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13586
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13587
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13588
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13589
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13590
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13591
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13592
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13593
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13594
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13595
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13596
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13597
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13598
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13599
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13600
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13601
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13602
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bc8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13603
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13604
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13605
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13606
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13607
          },
          {
            "timestamp": "2026-06-28 21:56:18,120",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13608
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13609
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13610
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13611
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0002a000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13612
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13613
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13614
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13615
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13616
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13617
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13618
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13619
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13620
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13621
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0002a000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13622
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13623
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13624
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13625
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13626
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13627
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13628
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\SCHLBKBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13629
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13630
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13631
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13632
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13633
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13634
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13635
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13636
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13637
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bcc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13638
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13639
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13640
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13641
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13642
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13643
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13644
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13645
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CASTELAR.TTF"
              }
            ],
            "repeated": 0,
            "id": 13646
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13647
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13648
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13649
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13650
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13651
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13652
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13653
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13654
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bce000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13655
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13656
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13657
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13658
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13659
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13660
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13661
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13662
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALIST.TTF"
              }
            ],
            "repeated": 0,
            "id": 13663
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13664
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13665
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13666
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13667
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13668
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13669
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13670
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bcf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13671
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13672
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13673
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13674
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0976d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13675
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13676
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13677
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13678
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13679
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13680
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13681
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13682
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13683
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13684
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13685
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13686
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13687
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13688
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13689
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 13690
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13691
          },
          {
            "timestamp": "2026-06-28 21:56:18,135",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13692
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13693
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13694
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13695
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13696
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13697
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13698
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13699
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13700
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13701
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13702
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13703
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bd1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13704
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13705
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13706
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13707
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13708
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13709
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13710
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13711
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\CALISTBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13712
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13713
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13714
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13715
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13716
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13717
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13718
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13719
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13720
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13721
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bd2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13722
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13723
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13724
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13725
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13726
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13727
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13728
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13729
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOS.TTF"
              }
            ],
            "repeated": 0,
            "id": 13730
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13731
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13732
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13733
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13734
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13735
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09683000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13736
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13737
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13738
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bd3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13739
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13740
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13741
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13742
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13743
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13744
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13745
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13746
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13747
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00026000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13748
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13749
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13750
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13751
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13752
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13753
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13754
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13755
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13756
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bd5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13757
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00026000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13758
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13759
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13760
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13761
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13762
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13763
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13764
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13765
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13766
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13767
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13768
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13769
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13770
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0121d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13771
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13772
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13773
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bd7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13774
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09677000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13775
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13776
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13777
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13778
          },
          {
            "timestamp": "2026-06-28 21:56:18,151",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13779
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13780
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13781
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13782
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOOKOSBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13783
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00028000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13784
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13785
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13786
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13787
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13788
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13789
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13790
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13791
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09685000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13792
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0967c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13793
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13794
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13795
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bda000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13796
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00028000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13797
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13798
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13799
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13800
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13801
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13802
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13803
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_R.TTF"
              }
            ],
            "repeated": 0,
            "id": 13804
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13805
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13806
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13807
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13808
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13809
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13810
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13811
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bdc000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13812
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13813
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13814
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13815
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13816
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13817
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13818
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13819
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_I.TTF"
              }
            ],
            "repeated": 0,
            "id": 13820
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00016000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13821
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13822
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13823
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13824
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13825
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13826
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13827
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bdd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13828
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00016000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13829
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13830
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13831
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13832
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13833
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13834
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13835
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_B.TTF"
              }
            ],
            "repeated": 0,
            "id": 13836
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13837
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13838
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13839
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13840
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13841
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13842
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13843
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13844
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bdf000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13845
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13846
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13847
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13848
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13849
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13850
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13851
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13852
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13853
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13854
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13855
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13856
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13857
          },
          {
            "timestamp": "2026-06-28 21:56:18,167",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13858
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13859
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13860
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09be1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13861
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13862
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13863
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13864
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13865
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13866
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13867
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13868
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CR.TTF"
              }
            ],
            "repeated": 0,
            "id": 13869
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13870
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13871
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13872
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13873
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13874
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13875
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096e7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13876
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13877
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13878
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09be3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13879
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13880
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13881
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13882
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13883
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13884
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13885
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13886
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAR.TTF"
              }
            ],
            "repeated": 0,
            "id": 13887
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00012000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13888
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13889
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13890
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13891
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13892
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13893
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13894
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13895
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13896
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09be4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13897
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00012000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13898
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13899
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13900
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13901
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13902
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13903
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13904
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13905
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13906
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13907
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13908
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13909
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13910
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13911
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13912
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13913
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13914
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09be6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13915
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13916
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13917
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13918
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13919
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13920
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13921
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13922
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CB.TTF"
              }
            ],
            "repeated": 0,
            "id": 13923
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00013000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13924
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13925
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13926
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13927
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13928
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13929
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13930
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13931
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13932
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09be8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13933
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00013000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13934
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13935
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13936
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13937
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13938
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13939
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13940
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_BLAI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13941
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00015000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13942
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13943
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13944
          },
          {
            "timestamp": "2026-06-28 21:56:18,182",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13945
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13946
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13947
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13948
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13949
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13950
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bea000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13951
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13952
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13953
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13954
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13955
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13956
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13957
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13958
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BOD_CBI.TTF"
              }
            ],
            "repeated": 0,
            "id": 13959
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00014000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13960
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13961
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13962
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13963
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13964
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13965
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13966
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13967
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13968
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09beb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13969
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00014000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13970
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13971
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13972
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13973
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13974
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13975
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13976
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ITCBLKAD.TTF"
              }
            ],
            "repeated": 0,
            "id": 13977
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00021000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13978
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13979
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13980
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13981
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13982
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13983
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13984
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 13985
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13986
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00021000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 13987
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 13988
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 13989
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13990
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13991
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 13992
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 13993
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\ARLRDBD.TTF"
              }
            ],
            "repeated": 0,
            "id": 13994
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13995
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 13996
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 13997
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13998
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 13999
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14000
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14001
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 14002
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 14003
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14004
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14005
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14006
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14007
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYR.TTF"
              }
            ],
            "repeated": 0,
            "id": 14008
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14009
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14010
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14011
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14012
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14013
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09676000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14014
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14015
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14016
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bee000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14017
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14018
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 14019
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 14020
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14021
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14022
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14023
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14024
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004e0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\AGENCYB.TTF"
              }
            ],
            "repeated": 0,
            "id": 14025
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14026
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14027
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14028
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14029
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14030
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14031
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14032
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bef000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14033
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000f000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14034
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 0,
            "id": 14035
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004e0"
              }
            ],
            "repeated": 0,
            "id": 14036
          },
          {
            "timestamp": "2026-06-28 21:56:18,198",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14037
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14038
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14039
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14040
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\BSSYM7.TTF"
              }
            ],
            "repeated": 0,
            "id": 14041
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14042
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14043
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14044
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14045
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14046
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14047
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bf0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14048
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14049
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 14050
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 14051
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14052
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14053
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14054
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14055
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSAN.TTF"
              }
            ],
            "repeated": 0,
            "id": 14056
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00036000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14057
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14058
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14059
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14060
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14061
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092e0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00036000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14062
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 14063
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 14064
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14065
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14066
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14067
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14068
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\REFSPCL.TTF"
              }
            ],
            "repeated": 0,
            "id": 14069
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14070
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14071
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14072
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14073
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14074
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14075
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bf1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14076
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000e000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14077
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 14078
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 14079
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14080
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14081
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14082
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14083
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\marlett.ttf"
              }
            ],
            "repeated": 0,
            "id": 14084
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004ac"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de44"
              },
              {
                "name": "ViewSize",
                "value": "0x00007000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14085
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14086
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14087
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14088
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08b80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14089
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 14090
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 14091
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14092
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14093
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "RegOpenKeyExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b85720"
              }
            ],
            "repeated": 0,
            "id": 14094
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14095
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              }
            ],
            "repeated": 0,
            "id": 14096
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "RegEnumValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b830d0"
              }
            ],
            "repeated": 0,
            "id": 14097
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14098
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14099
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14100
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 14101
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14102
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14103
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14104
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14105
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14106
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14107
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14108
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14109
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14110
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14111
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14112
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14113
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14114
          },
          {
            "timestamp": "2026-06-28 21:56:18,214",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14115
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14116
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14117
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14118
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14119
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14120
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14121
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14122
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14123
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14124
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14125
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14126
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14127
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14128
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14129
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14130
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14131
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14132
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14133
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14134
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14135
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14136
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14137
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14138
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14139
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14140
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14141
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14142
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14143
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14144
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14145
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14146
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14147
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14148
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14149
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14150
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14151
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14152
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14153
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14154
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14155
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14156
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14157
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14158
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14159
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14160
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14161
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14162
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14163
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14164
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004d0"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14165
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "RegCloseKey"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b86850"
              }
            ],
            "repeated": 0,
            "id": 14166
          },
          {
            "timestamp": "2026-06-28 21:56:18,229",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d0"
              }
            ],
            "repeated": 0,
            "id": 14167
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14168
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EUDC\\1252"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\EUDC\\1252"
              }
            ],
            "repeated": 0,
            "id": 14169
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14170
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes"
              }
            ],
            "repeated": 0,
            "id": 14171
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "RegQueryInfoKeyW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75b84050"
              }
            ],
            "repeated": 0,
            "id": 14172
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "KeyInformation",
                "value": "6\\xff94\\xff8f~\\xffe3\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1a\\x00\\x00\\x004\\x00\\x00\\x00*\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 14173
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09772000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14174
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14175
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14176
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14177
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14178
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14179
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14180
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14181
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14182
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14183
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14184
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14185
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14186
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14187
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14188
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14189
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14190
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14191
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14192
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14193
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14194
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14195
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14196
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14197
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14198
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14199
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14200
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000004ac"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14201
          },
          {
            "timestamp": "2026-06-28 21:56:18,245",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004ac"
              }
            ],
            "repeated": 0,
            "id": 14202
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14203
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14204
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14205
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14206
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\micross.ttf"
              }
            ],
            "repeated": 0,
            "id": 14207
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a160000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3de00"
              },
              {
                "name": "ViewSize",
                "value": "0x000d6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14208
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14209
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14210
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14211
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14212
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14213
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14214
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14215
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14216
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bf3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14217
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14218
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14219
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14220
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14221
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 14222
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 14223
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 14224
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 14225
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 14226
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 14227
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 14228
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14229
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 14230
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14231
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14232
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 14233
          },
          {
            "timestamp": "2026-06-28 21:56:18,260",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004c8"
              }
            ],
            "repeated": 1,
            "id": 14234
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x0803f7a2",
            "parentcaller": "0x0803c5cd",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "mscoree.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x74650000"
              }
            ],
            "repeated": 0,
            "id": 14235
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x0803f7a2",
            "parentcaller": "0x0803c5cd",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x74650000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mscoree.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14236
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x0803f7a2",
            "parentcaller": "0x0803c5cd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74650000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74663a30"
              }
            ],
            "repeated": 0,
            "id": 14237
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80105",
            "parentcaller": "0x0803f7a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14238
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80105",
            "parentcaller": "0x0803f7a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RI2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74214610"
              }
            ],
            "repeated": 0,
            "id": 14239
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x0803f7c9",
            "parentcaller": "0x0803c5cd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74650000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RU1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74663960"
              }
            ],
            "repeated": 0,
            "id": 14240
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b8025d",
            "parentcaller": "0x0803f7c9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RU1_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14241
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b8025d",
            "parentcaller": "0x0803f7c9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "ND_RU1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74214630"
              }
            ],
            "repeated": 0,
            "id": 14242
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80349",
            "parentcaller": "0x0803f7d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetFontUnit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735033c0"
              }
            ],
            "repeated": 0,
            "id": 14243
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b8035b",
            "parentcaller": "0x0803f7d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetFontSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735036f0"
              }
            ],
            "repeated": 0,
            "id": 14244
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b8036d",
            "parentcaller": "0x0803f7d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetFontStyle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73503340"
              }
            ],
            "repeated": 0,
            "id": 14245
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b8037f",
            "parentcaller": "0x0803f7d6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetFamily"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735032c0"
              }
            ],
            "repeated": 0,
            "id": 14246
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80961",
            "parentcaller": "0x0803c629",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0802e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14247
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80961",
            "parentcaller": "0x0803c629",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d60c50"
              }
            ],
            "repeated": 0,
            "id": 14248
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b8108d",
            "parentcaller": "0x08b80f4f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateFromHDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734d1b70"
              }
            ],
            "repeated": 0,
            "id": 14249
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80673",
            "parentcaller": "0x08b8108d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14250
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80673",
            "parentcaller": "0x08b8108d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14251
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80673",
            "parentcaller": "0x08b8108d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14252
          },
          {
            "timestamp": "2026-06-28 21:56:18,323",
            "thread_id": "2784",
            "caller": "0x08b80673",
            "parentcaller": "0x08b8108d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14253
          },
          {
            "timestamp": "2026-06-28 21:56:18,339",
            "thread_id": "2784",
            "caller": "0x08b81146",
            "parentcaller": "0x08b80f5c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetDpiY"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73511200"
              }
            ],
            "repeated": 0,
            "id": 14254
          },
          {
            "timestamp": "2026-06-28 21:56:18,339",
            "thread_id": "2784",
            "caller": "0x08b81268",
            "parentcaller": "0x08b80f75",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetFontHeight"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73503440"
              }
            ],
            "repeated": 0,
            "id": 14255
          },
          {
            "timestamp": "2026-06-28 21:56:18,339",
            "thread_id": "2784",
            "caller": "0x08b813ba",
            "parentcaller": "0x08b80f85",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetEmHeight"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73502ed0"
              }
            ],
            "repeated": 0,
            "id": 14256
          },
          {
            "timestamp": "2026-06-28 21:56:18,339",
            "thread_id": "2784",
            "caller": "0x08b814b2",
            "parentcaller": "0x08b80fa4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetLineSpacing"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73502f60"
              }
            ],
            "repeated": 0,
            "id": 14257
          },
          {
            "timestamp": "2026-06-28 21:56:18,339",
            "thread_id": "2784",
            "caller": "0x08b81a57",
            "parentcaller": "0x08b819c3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteGraphics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734de670"
              }
            ],
            "repeated": 0,
            "id": 14258
          },
          {
            "timestamp": "2026-06-28 21:56:18,339",
            "thread_id": "2784",
            "caller": "0x08b81bef",
            "parentcaller": "0x08b807e7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateFont"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73504b50"
              }
            ],
            "repeated": 0,
            "id": 14259
          },
          {
            "timestamp": "2026-06-28 21:56:18,354",
            "thread_id": "2784",
            "caller": "0x08b81e4f",
            "parentcaller": "0x08b81dbc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteFont"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350ecb0"
              }
            ],
            "repeated": 0,
            "id": 14260
          },
          {
            "timestamp": "2026-06-28 21:56:18,354",
            "thread_id": "2784",
            "caller": "0x08b81ebb",
            "parentcaller": "0x0803b56d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ffb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14261
          },
          {
            "timestamp": "2026-06-28 21:56:18,385",
            "thread_id": "2784",
            "caller": "0x08b85f81",
            "parentcaller": "0x08b82342",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07ffd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14262
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b880ce",
            "parentcaller": "0x08b87f5e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetProcessWindowStation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64090"
              }
            ],
            "repeated": 0,
            "id": 14263
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b8899b",
            "parentcaller": "0x08b880ce",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14264
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b8899b",
            "parentcaller": "0x08b880ce",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserObjectInformationA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4e5f0"
              }
            ],
            "repeated": 0,
            "id": 14265
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b88f04",
            "parentcaller": "0x08b88107",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandler"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75153960"
              }
            ],
            "repeated": 0,
            "id": 14266
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b88f04",
            "parentcaller": "0x08b88107",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "SetConsoleCtrlHandlerW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14267
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b89086",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14268
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b89086",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetModuleHandleW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150e50"
              }
            ],
            "repeated": 0,
            "id": 14269
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b890a0",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14270
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b890a0",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d50830"
              }
            ],
            "repeated": 0,
            "id": 14271
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b890b3",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClass"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14272
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b890b3",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51a70"
              }
            ],
            "repeated": 0,
            "id": 14273
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b891b6",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14274
          },
          {
            "timestamp": "2026-06-28 21:56:18,401",
            "thread_id": "2784",
            "caller": "0x08b891b6",
            "parentcaller": "0x08b88f15",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51ac0"
              }
            ],
            "repeated": 0,
            "id": 14275
          },
          {
            "timestamp": "2026-06-28 21:56:18,432",
            "thread_id": "2784",
            "caller": "0x012ad246",
            "parentcaller": "0x07f3e685",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14276
          },
          {
            "timestamp": "2026-06-28 21:56:18,432",
            "thread_id": "2784",
            "caller": "0x012ad246",
            "parentcaller": "0x07f3e685",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f87d50"
              }
            ],
            "repeated": 0,
            "id": 14277
          },
          {
            "timestamp": "2026-06-28 21:56:18,432",
            "thread_id": "2784",
            "caller": "0x07f3e685",
            "parentcaller": "0x08b891b6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d4"
              }
            ],
            "repeated": 0,
            "id": 14278
          },
          {
            "timestamp": "2026-06-28 21:56:18,432",
            "thread_id": "2784",
            "caller": "0x07f3e685",
            "parentcaller": "0x08b891b6",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000004d8"
              }
            ],
            "repeated": 0,
            "id": 14279
          },
          {
            "timestamp": "2026-06-28 21:56:18,432",
            "thread_id": "2784",
            "caller": "0x08b89c49",
            "parentcaller": "0x08b86fa6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetSysColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4f830"
              }
            ],
            "repeated": 0,
            "id": 14280
          },
          {
            "timestamp": "2026-06-28 21:56:18,432",
            "thread_id": "2784",
            "caller": "0x08b89c49",
            "parentcaller": "0x08b86fa6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetSysColorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14281
          },
          {
            "timestamp": "2026-06-28 21:56:18,448",
            "thread_id": "2784",
            "caller": "0x08b8c305",
            "parentcaller": "0x07fe1aa4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14282
          },
          {
            "timestamp": "2026-06-28 21:56:18,448",
            "thread_id": "2784",
            "caller": "0x08b8c305",
            "parentcaller": "0x07fe1aa4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14283
          },
          {
            "timestamp": "2026-06-28 21:56:18,464",
            "thread_id": "2784",
            "caller": "0x08b8dd7e",
            "parentcaller": "0x08b8dcfe",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14284
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0930165b",
            "parentcaller": "0x093013f4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092f4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14285
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x09302212",
            "parentcaller": "0x093020f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14286
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x09302212",
            "parentcaller": "0x093020f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57470"
              }
            ],
            "repeated": 0,
            "id": 14287
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x093023eb",
            "parentcaller": "0x09302212",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f4"
              }
            ],
            "repeated": 0,
            "id": 14288
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14289
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14290
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004d8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14291
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14292
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004d8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeui.ttf"
              }
            ],
            "repeated": 0,
            "id": 14293
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a240000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc68"
              },
              {
                "name": "ViewSize",
                "value": "0x000ea000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14294
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14295
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14296
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14297
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14298
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14299
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14300
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14301
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14302
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14303
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14304
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09bfa000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14305
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14306
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14307
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14308
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14309
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14310
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14311
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14312
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14313
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14314
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004b4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuii.ttf"
              }
            ],
            "repeated": 0,
            "id": 14315
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004e4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a330000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc68"
              },
              {
                "name": "ViewSize",
                "value": "0x00082000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14316
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14317
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14318
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14319
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14320
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14321
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14322
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14323
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14324
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14325
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14326
          },
          {
            "timestamp": "2026-06-28 21:56:18,495",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00011000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14327
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14328
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14329
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14330
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14331
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004ac"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuib.ttf"
              }
            ],
            "repeated": 0,
            "id": 14332
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a3c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc68"
              },
              {
                "name": "ViewSize",
                "value": "0x000e9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14333
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14334
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14335
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14336
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14337
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14338
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14339
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14340
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09693000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14341
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14342
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14343
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14344
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c25000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14345
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14346
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14347
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14348
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14349
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14350
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14351
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14352
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14353
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000004cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\segoeuiz.ttf"
              }
            ],
            "repeated": 0,
            "id": 14354
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000004b8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a4b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dc68"
              },
              {
                "name": "ViewSize",
                "value": "0x00085000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14355
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14356
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14357
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09679000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14358
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14359
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14360
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14361
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 14362
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0969e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14363
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14364
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x0803f963",
            "parentcaller": "0x0803f777",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c3f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14365
          },
          {
            "timestamp": "2026-06-28 21:56:18,510",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 14366
          },
          {
            "timestamp": "2026-06-28 21:56:18,526",
            "thread_id": "2784",
            "caller": "0x093030af",
            "parentcaller": "0x09302f80",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "GetThemeAppProperties"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738abf20"
              }
            ],
            "repeated": 0,
            "id": 14367
          },
          {
            "timestamp": "2026-06-28 21:56:18,526",
            "thread_id": "2784",
            "caller": "0x093030af",
            "parentcaller": "0x09302f80",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "GetThemeAppPropertiesW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14368
          },
          {
            "timestamp": "2026-06-28 21:56:18,526",
            "thread_id": "2784",
            "caller": "0x09303425",
            "parentcaller": "0x0930323f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "OpenThemeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738aca30"
              }
            ],
            "repeated": 0,
            "id": 14369
          },
          {
            "timestamp": "2026-06-28 21:56:18,526",
            "thread_id": "2784",
            "caller": "0x09303425",
            "parentcaller": "0x0930323f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "OpenThemeDataW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14370
          },
          {
            "timestamp": "2026-06-28 21:56:18,526",
            "thread_id": "2784",
            "caller": "0x09303574",
            "parentcaller": "0x09303425",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 14371
          },
          {
            "timestamp": "2026-06-28 21:56:18,542",
            "thread_id": "2784",
            "caller": "0x09305e26",
            "parentcaller": "0x09305b71",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092f6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14372
          },
          {
            "timestamp": "2026-06-28 21:56:18,557",
            "thread_id": "2784",
            "caller": "0x093066cd",
            "parentcaller": "0x093065ee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14373
          },
          {
            "timestamp": "2026-06-28 21:56:18,557",
            "thread_id": "2784",
            "caller": "0x093066cd",
            "parentcaller": "0x093065ee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57470"
              }
            ],
            "repeated": 0,
            "id": 14374
          },
          {
            "timestamp": "2026-06-28 21:56:18,557",
            "thread_id": "2784",
            "caller": "0x09306757",
            "parentcaller": "0x093066cd",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000100a"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14375
          },
          {
            "timestamp": "2026-06-28 21:56:18,557",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 14376
          },
          {
            "timestamp": "2026-06-28 21:56:18,557",
            "thread_id": "2784",
            "caller": "0x07f3890b",
            "parentcaller": "0x07f388c2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14377
          },
          {
            "timestamp": "2026-06-28 21:56:18,573",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 14378
          },
          {
            "timestamp": "2026-06-28 21:56:18,573",
            "thread_id": "2784",
            "caller": "0x09306757",
            "parentcaller": "0x0930a2ff",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000006a"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14379
          },
          {
            "timestamp": "2026-06-28 21:56:18,589",
            "thread_id": "2784",
            "caller": "0x07fe1da6",
            "parentcaller": "0x07fad94d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092f9000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14380
          },
          {
            "timestamp": "2026-06-28 21:56:18,604",
            "thread_id": "2784",
            "caller": "0x07fe23a0",
            "parentcaller": "0x07fad94d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05652000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14381
          },
          {
            "timestamp": "2026-06-28 21:56:18,620",
            "thread_id": "2784",
            "caller": "0x07d44e33",
            "parentcaller": "0x0930ce64",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14382
          },
          {
            "timestamp": "2026-06-28 21:56:18,635",
            "thread_id": "2784",
            "caller": "0x0930f1cf",
            "parentcaller": "0x0930f10b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7583c970"
              }
            ],
            "repeated": 0,
            "id": 14383
          },
          {
            "timestamp": "2026-06-28 21:56:18,635",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\clbcatq"
              },
              {
                "name": "DllBase",
                "value": "0x76a30000"
              }
            ],
            "repeated": 0,
            "id": 14384
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\iertutil"
              },
              {
                "name": "DllBase",
                "value": "0x72a30000"
              }
            ],
            "repeated": 0,
            "id": 14385
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NETAPI32"
              },
              {
                "name": "DllBase",
                "value": "0x72a10000"
              }
            ],
            "repeated": 0,
            "id": 14386
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\USERENV"
              },
              {
                "name": "DllBase",
                "value": "0x729e0000"
              }
            ],
            "repeated": 0,
            "id": 14387
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WINHTTP"
              },
              {
                "name": "DllBase",
                "value": "0x72910000"
              }
            ],
            "repeated": 0,
            "id": 14388
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\WKSCLI"
              },
              {
                "name": "DllBase",
                "value": "0x72900000"
              }
            ],
            "repeated": 0,
            "id": 14389
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\NETUTILS"
              },
              {
                "name": "DllBase",
                "value": "0x728f0000"
              }
            ],
            "repeated": 0,
            "id": 14390
          },
          {
            "timestamp": "2026-06-28 21:56:18,651",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\ieframe"
              },
              {
                "name": "DllBase",
                "value": "0x72c60000"
              }
            ],
            "repeated": 0,
            "id": 14391
          },
          {
            "timestamp": "2026-06-28 21:56:18,667",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2784"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 14392
          },
          {
            "timestamp": "2026-06-28 21:56:18,667",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\\comctl32"
              },
              {
                "name": "DllBase",
                "value": "0x726e0000"
              }
            ],
            "repeated": 0,
            "id": 14393
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2784"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 14394
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x726e0000"
              }
            ],
            "repeated": 0,
            "id": 14395
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c60000"
              }
            ],
            "repeated": 0,
            "id": 14396
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 14397
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f302",
            "parentcaller": "0x0930f1cf",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "8856F961-340A-11D0-A96B-00C04FD705A2"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000000-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "Shell.Explorer.2"
              }
            ],
            "repeated": 0,
            "id": 14398
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14399
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14400
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 14401
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 14402
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sxs.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 14403
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000554"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000550"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 14404
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000554"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72650000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00088000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14405
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x726cf000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14406
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14407
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14408
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x726cd000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14409
          },
          {
            "timestamp": "2026-06-28 21:56:18,682",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000554"
              }
            ],
            "repeated": 0,
            "id": 14410
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 14411
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x726cd000"
              },
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14412
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14413
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14414
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14415
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\sxs.dll"
              }
            ],
            "repeated": 0,
            "id": 14416
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\sxs.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 14417
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000550"
              }
            ],
            "repeated": 0,
            "id": 14418
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\sxs"
              },
              {
                "name": "DllBase",
                "value": "0x72650000"
              }
            ],
            "repeated": 0,
            "id": 14419
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\sxs"
              },
              {
                "name": "BaseAddress",
                "value": "0x72650000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7266b9a0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14420
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14421
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14422
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "00000346-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "E085AD58-B839-4625-B40B-4CC546E82D75"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14423
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14424
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x754dd000"
              },
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14425
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Classes\\PackagedCom"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\PackagedCom"
              }
            ],
            "repeated": 0,
            "id": 14426
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 14427
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "com",
            "api": "CoCreateInstanceEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "0000034B-0000-0000-C000-000000000046"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "ServerName",
                "value": ""
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14428
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "20"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14429
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "26"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14430
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x8c\\xd7\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00t\\x8eEu\\xd0\\xd7\\xf3\\x00\\x16\\xfe\\xb8u`\\x05\\x00\\x00\\x1a\\x00\\x00\\x00\\xf8\\xd7\\xf3\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x000\\xd8\\xf3\\x00\\x00\\x00\\x00\\x00\\xfc\\xd7\\xf3\\x00G=Fu`\\x05\\x00\\x00\\x1a\\x00\\x00\\x00\\xf8\\xd7\\xf3\\x00\\x04\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14431
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\User\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes"
              }
            ],
            "repeated": 0,
            "id": 14432
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000560"
              }
            ],
            "repeated": 0,
            "id": 14433
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14434
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14435
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "TypeLib"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib"
              }
            ],
            "repeated": 0,
            "id": 14436
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\TypeLib"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\TypeLib"
              }
            ],
            "repeated": 0,
            "id": 14437
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 14438
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14439
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000562"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14440
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd2\\x84\\xd2x\\xd2b\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xd5\\xf3\\x00\\xbc^\\xb8ub\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14441
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}"
              }
            ],
            "repeated": 0,
            "id": 14442
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000562"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}"
              }
            ],
            "repeated": 0,
            "id": 14443
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14444
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000566"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14445
          },
          {
            "timestamp": "2026-06-28 21:56:18,698",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "H\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xd4\\xd2\\x84\\xd2x\\xd2f\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02 \\xd5\\xf3\\x00\\xbc^\\xb8uf\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14446
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1"
              }
            ],
            "repeated": 0,
            "id": 14447
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000566"
              },
              {
                "name": "ObjectAttributesName",
                "value": "1.1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1"
              }
            ],
            "repeated": 0,
            "id": 14448
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14449
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14450
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xd2\\xac\\xd2\\xa0\\xd2j\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xd5\\xf3\\x00\\xbc^\\xb8uj\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14451
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              }
            ],
            "repeated": 0,
            "id": 14452
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              }
            ],
            "repeated": 0,
            "id": 14453
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14454
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14455
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xfc\\xd2\\xac\\xd2\\xa0\\xd2n\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02H\\xd5\\xf3\\x00\\xbc^\\xb8un\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14456
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              }
            ],
            "repeated": 0,
            "id": 14457
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "win32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              }
            ],
            "repeated": 0,
            "id": 14458
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000572"
              }
            ],
            "repeated": 0,
            "id": 14459
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056e"
              }
            ],
            "repeated": 0,
            "id": 14460
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14461
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14462
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc8\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00T\\xd3\\x04\\xd3\\xf8\\xd2j\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xa0\\xd5\\xf3\\x00\\xbc^\\xb8uj\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14463
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              }
            ],
            "repeated": 0,
            "id": 14464
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              }
            ],
            "repeated": 0,
            "id": 14465
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14466
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14467
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x90\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x1c\\xd3\\xcc\\xd2\\xc0\\xd2n\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00h\\xd5\\xf3\\x00\\xbc^\\xb8un\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14468
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              }
            ],
            "repeated": 0,
            "id": 14469
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000570"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056e"
              },
              {
                "name": "ObjectAttributesName",
                "value": "win32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              }
            ],
            "repeated": 0,
            "id": 14470
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14471
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14472
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\xd2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\x9c\\xd2L\\xd2@\\xd2r\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xe8\\xd4\\xf3\\x00\\xbc^\\xb8ur\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14473
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32"
              }
            ],
            "repeated": 0,
            "id": 14474
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000572"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 14475
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000572"
              }
            ],
            "repeated": 0,
            "id": 14476
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056e"
              }
            ],
            "repeated": 0,
            "id": 14477
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056a"
              }
            ],
            "repeated": 0,
            "id": 14478
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000566"
              }
            ],
            "repeated": 0,
            "id": 14479
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000562"
              }
            ],
            "repeated": 0,
            "id": 14480
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14481
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 14482
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 14483
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14484
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14485
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 14486
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14487
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xf8\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14488
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": ".text\\x00\\x00\\x00\\xf8s[\\x00\\x00\\x10\\x00\\x00\\x00t[\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00`"
              },
              {
                "name": "Length",
                "value": "240"
              }
            ],
            "repeated": 0,
            "id": 14489
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 14490
          },
          {
            "timestamp": "2026-06-28 21:56:18,714",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00D\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14491
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x02\\x00"
              },
              {
                "name": "Length",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 14492
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18D\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 14493
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "@E\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14494
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x03\\x00"
              },
              {
                "name": "Length",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 14495
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18D\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14496
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "0\\x01\\x00\\x80H\\x00\\x00\\x80"
              },
              {
                "name": "Length",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 14497
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " D\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 14498
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "0E\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14499
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x07\\x00"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 14500
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " D\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14501
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 14502
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "HD\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14503
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 14504
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "XD\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 14505
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00\\xa8\\x00\\x00\\x80"
              },
              {
                "name": "Length",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 14506
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 14507
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa8D\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14508
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 14509
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xe8\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14510
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00E\\\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14511
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "Buffer",
                "value": "\\xe0\\xd5\\\\x00x\\xc3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 14512
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00`b\\x00\\x00\\x00\\x00\\x00\\x00Vb\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14513
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000550"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000560"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ieframe.dll"
              }
            ],
            "repeated": 0,
            "id": 14514
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14515
          },
          {
            "timestamp": "2026-06-28 21:56:18,729",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000550"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09360000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d01c"
              },
              {
                "name": "ViewSize",
                "value": "0x00011000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14516
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "sxs.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72650000"
              }
            ],
            "repeated": 0,
            "id": 14517
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x72650000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "sxs.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14518
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "sxs.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72650000"
              },
              {
                "name": "FunctionName",
                "value": "SxsLookupClrGuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x726b96c0"
              }
            ],
            "repeated": 0,
            "id": 14519
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 14520
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 14521
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000564"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\KERNELBASE.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 14522
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000568"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000564"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\KernelBase.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 14523
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000568"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0a540000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3c820"
              },
              {
                "name": "ViewSize",
                "value": "0x00140000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14524
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000568"
              }
            ],
            "repeated": 0,
            "id": 14525
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x0000056e"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 14526
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\.NETFramework"
              },
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework"
              }
            ],
            "repeated": 0,
            "id": 14527
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              },
              {
                "name": "ValueName",
                "value": "AlwaysReadHKCRForCLSIDs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs"
              }
            ],
            "repeated": 0,
            "id": 14528
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 14529
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056e"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "0"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14530
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056e"
              },
              {
                "name": "ValueName",
                "value": "Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InProcServer32\\Class"
              }
            ],
            "repeated": 0,
            "id": 14531
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000056e"
              }
            ],
            "repeated": 0,
            "id": 14532
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\LocalServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\LocalServer32"
              }
            ],
            "repeated": 1,
            "id": 14533
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14534
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetObjectContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75812bb0"
              }
            ],
            "repeated": 0,
            "id": 14535
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14536
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14537
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14538
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14539
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 14540
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 14541
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 14542
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 14543
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 14544
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 14545
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 14546
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14547
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 14548
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "ValueName",
                "value": "RaiseActivationAuthenticationLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel"
              }
            ],
            "repeated": 0,
            "id": 14549
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 14550
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14551
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14552
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 14553
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 14554
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14555
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AppID\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 14556
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\AppID\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 14557
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14558
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\OLE\\AppCompat"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat"
              }
            ],
            "repeated": 0,
            "id": 14559
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "ValueName",
                "value": "RaiseDefaultAuthnLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel"
              }
            ],
            "repeated": 0,
            "id": 14560
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 14561
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14562
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\OLE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE"
              }
            ],
            "repeated": 0,
            "id": 14563
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000558"
              },
              {
                "name": "ValueName",
                "value": "DefaultAccessPermission"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission"
              }
            ],
            "repeated": 0,
            "id": 14564
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 14565
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14566
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08k4\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14567
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000570"
              }
            ],
            "repeated": 0,
            "id": 14568
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\rpcss.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0000001e"
              }
            ],
            "repeated": 0,
            "id": 14569
          },
          {
            "timestamp": "2026-06-28 21:56:18,745",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14570
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 14571
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14572
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14573
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000558"
              }
            ],
            "repeated": 0,
            "id": 14574
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14575
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14576
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14577
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.COM.DISABLE.4500"
              }
            ],
            "repeated": 0,
            "id": 14578
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "MSFT.VSA.IEC.STATUS.6c736db0"
              }
            ],
            "repeated": 0,
            "id": 14579
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14580
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14581
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 14582
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 14583
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14584
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14585
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe0\\xca\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00l\\xcb\\x1c\\xcb\\x10\\xcbz\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\xb8\\xcd\\xf3\\x00\\xbc^\\xb8uz\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14586
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 14587
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000057a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 14588
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14589
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14590
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\xca\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00D\\xcb\\xf4\\xca\\xe8\\xca~\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x90\\xcd\\xf3\\x00\\xbc^\\xb8u~\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14591
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 14592
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000057e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 14593
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057e"
              }
            ],
            "repeated": 0,
            "id": 14594
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057a"
              }
            ],
            "repeated": 0,
            "id": 14595
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14596
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000578"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 14597
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 14598
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14599
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04^3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\"^3\\x01\\x00^3\\x01$^3\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEM8\\x00\\x00\\x00\\x00\\xd5\\xf3\\x00\\x18S4\\x01"
              }
            ],
            "repeated": 0,
            "id": 14600
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf24\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x19\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14601
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14602
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe4 4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14603
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14604
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xbc\\x1f3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14605
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00\\xb8\\x1f3\\x01\\x00\\x00#\\x00\\xf4\\xce\\xe8\\xce|\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0|\\x05\\x00\\x00<\\xcf\\xf3\\x00\\x83\\x91\\xf5v|\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14606
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t[\\x9a@v\\xe4\\xc9\\xf3\\x00|\\x05\\x00\\x00\\x98\\xd8\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xf4\\xce\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14607
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14608
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4^3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00i\\x00e\\x00f\\x00r\\x00a\\x00m\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14609
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xec4\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00r\\x13\\xbf\\xcf\\x00\t\\x00\\x80\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14610
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14611
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "|\\x1f4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14612
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14613
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "|\\x1c3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14614
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00x\\x1c3\\x01\\x00\\x00#\\x00\\xdc\\xcc\\xd0\\xcc|\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0|\\x05\\x00\\x00$\\xcd\\xf3\\x00\\x83\\x91\\xf5v|\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14615
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-ts\\x98@v\\xcc\\xc7\\xf3\\x00|\\x05\\x00\\x00\\x98\\xd8\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xdc\\xcc\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14616
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000578"
              }
            ],
            "repeated": 0,
            "id": 14617
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000057c"
              }
            ],
            "repeated": 0,
            "id": 14618
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14619
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              }
            ],
            "repeated": 0,
            "id": 14620
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000580"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x7588cf60"
              },
              {
                "name": "Parameter",
                "value": "0x01341dc0"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3140"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "combase.dll"
              }
            ],
            "repeated": 0,
            "id": 14621
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000580",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x7588cf60"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "Parameter",
                "value": "0x01341dc0"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "3140"
              }
            ],
            "repeated": 0,
            "id": 14622
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14623
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14624
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "3140",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01283000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14625
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 14626
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 14627
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14628
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D_3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00i\\x00e\\x00f\\x00r\\x00a\\x00m\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14629
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xf34\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x8a\\x10\\x87\\xce\\x10\\x1b\\x00\\x80\\xb0o\\xb0\\x07\\x10\\xf54\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14630
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "3140",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14631
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "3140",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14632
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14633
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x1e4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14634
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14635
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xbc\\x1f3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14636
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00\\xb8\\x1f3\\x01\\x00\\x00#\\x00\\x14\\xd2\\x08\\xd2\\x88\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x88\\x05\\x00\\x00\\\\xd2\\xf3\\x00\\x83\\x91\\xf5v\\x88\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14637
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t;\\x85@v\\x04\\xcd\\xf3\\x00\\x88\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\x14\\xd2\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14638
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14639
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04^3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\"^3\\x01\\x00^3\\x01$^3\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEM8\\x00\\x00\\x00\\x00\\xd5\\xf3\\x00\\x18S4\\x01"
              }
            ],
            "repeated": 0,
            "id": 14640
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xf14\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x88B2\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14641
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14642
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\x1f4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14643
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14644
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "d#3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14645
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00`#3\\x01\\x00\\x00#\\x00\\xfc\\xcf\\xf0\\xcf\\x88\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x88\\x05\\x00\\x00D\\xd0\\xf3\\x00\\x83\\x91\\xf5v\\x88\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14646
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-tS\\x9b@v\\xec\\xca\\xf3\\x00\\x88\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xfc\\xcf\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14647
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14648
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 14649
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14650
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000588"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 14651
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14652
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14653
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb4b3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00i\\x00e\\x00f\\x00r\\x00a\\x00m\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14654
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\xec4\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00~\\x13\\xb3\\xcf"
              }
            ],
            "repeated": 0,
            "id": 14655
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14656
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "<\\x1e4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14657
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14658
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "$ 3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14659
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00  3\\x01\\x00\\x00#\\x00\\x14\\xd2\\x08\\xd2\\x80\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x80\\x05\\x00\\x00\\\\xd2\\xf3\\x00\\x83\\x91\\xf5v\\x80\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14660
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t;\\x85@v\\x04\\xcd\\xf3\\x00\\x80\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\x14\\xd2\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14661
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14662
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "ta3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00i\\x00e\\x00f\\x00r\\x00a\\x00m\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14663
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\xf14\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x88B2\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14664
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14665
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xec\\x1d4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14666
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14667
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "T\\x1f3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14668
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00P\\x1f3\\x01\\x00\\x00#\\x00\\xfc\\xcf\\xf0\\xcf\\x80\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x80\\x05\\x00\\x00D\\xd0\\xf3\\x00\\x83\\x91\\xf5v\\x80\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14669
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-tS\\x9b@v\\xec\\xca\\xf3\\x00\\x80\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xfc\\xcf\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14670
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 14671
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14672
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14673
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000580"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 14674
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 14675
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14676
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04^3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\"^3\\x01\\x00^3\\x01$^3\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEM8\\x00\\x00\\x00\\x00\\xd5\\xf3\\x00\\x18S4\\x01"
              }
            ],
            "repeated": 0,
            "id": 14677
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "P\\xeb4\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\xaaF2\\x01\\xeaF2\\x01\\xeaF2\\x01*G2\\x01*G2\\x01\\x8e\\x13\\x83\\xcfB\\x06\\x00\\x80\\x82\\xd48\\x01\\x82\\xd48\\x01\\xc2\\xd48\\x01\\xc2\\xd48\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14678
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14679
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14\\x1e4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14680
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14681
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "$ 3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14682
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00  3\\x01\\x00\\x00#\\x00\\x14\\xd2\\x08\\xd2\\x88\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x88\\x05\\x00\\x00\\\\xd2\\xf3\\x00\\x83\\x91\\xf5v\\x88\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14683
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t;\\x85@v\\x04\\xcd\\xf3\\x00\\x88\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\x14\\xd2\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14684
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14685
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D_3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00i\\x00e\\x00f\\x00r\\x00a\\x00m\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14686
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xea4\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 14687
          },
          {
            "timestamp": "2026-06-28 21:56:18,760",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14688
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x1e4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14689
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14690
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x1c\\x1e3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14691
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00\\x18\\x1e3\\x01\\x00\\x00#\\x00\\xfc\\xcf\\xf0\\xcf\\x88\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x88\\x05\\x00\\x00D\\xd0\\xf3\\x00\\x83\\x91\\xf5v\\x88\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14692
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-tS\\x9b@v\\xec\\xca\\xf3\\x00\\x88\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xfc\\xcf\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14693
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14694
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 14695
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14696
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000588"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 14697
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14698
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14699
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04^3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\"^3\\x01\\x00^3\\x01$^3\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00LMEM8\\x00\\x00\\x00\\x00\\xd5\\xf3\\x00\\x18S4\\x01"
              }
            ],
            "repeated": 0,
            "id": 14700
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xf24\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x19\\x00\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14701
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14702
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "l 4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14703
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14704
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "L\\x1d3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14705
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00H\\x1d3\\x01\\x00\\x00#\\x00\\x14\\xd2\\x08\\xd2\\x80\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x80\\x05\\x00\\x00\\\\xd2\\xf3\\x00\\x83\\x91\\xf5v\\x80\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14706
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t;\\x85@v\\x04\\xcd\\xf3\\x00\\x80\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\x14\\xd2\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14707
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14708
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "D_3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00W\\x00O\\x00W\\x006\\x004\\x00\\\\x00i\\x00e\\x00f\\x00r\\x00a\\x00m\\x00e\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14709
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "h\\xee4\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 14710
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14711
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xfc\\x1c4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14712
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14713
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\x84\\x1e3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14714
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00\\x80\\x1e3\\x01\\x00\\x00#\\x00\\xfc\\xcf\\xf0\\xcf\\x80\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x80\\x05\\x00\\x00D\\xd0\\xf3\\x00\\x83\\x91\\xf5v\\x80\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14715
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-tS\\x9b@v\\xec\\xca\\xf3\\x00\\x80\\x05\\x00\\x00,\\xda\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xfc\\xcf\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14716
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000588"
              }
            ],
            "repeated": 0,
            "id": 14717
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000580"
              }
            ],
            "repeated": 0,
            "id": 14718
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14719
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f339",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0899a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14720
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "928",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14721
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "928",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14722
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "928",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000588"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 14723
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "928",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0899c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14724
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "4156",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 14725
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "4156",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14726
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f3a1",
            "parentcaller": "0x0930f1cf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0899e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14727
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f3de",
            "parentcaller": "0x0930f1eb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08017000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14728
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930f3de",
            "parentcaller": "0x0930f1eb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08044000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14729
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb22",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08001000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14730
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb22",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09340000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14731
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14732
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x755e0000"
              },
              {
                "name": "FunctionName",
                "value": "IUnknown_QueryService"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x756168b0"
              }
            ],
            "repeated": 0,
            "id": 14733
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14734
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000c000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14735
          },
          {
            "timestamp": "2026-06-28 21:56:18,776",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089b1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00017000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14736
          },
          {
            "timestamp": "2026-06-28 21:56:18,792",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "SetWindowsHookExW",
            "status": true,
            "return": "0x001e028d",
            "arguments": [
              {
                "name": "HookIdentifier",
                "value": "7",
                "pretty_value": "WH_MOUSE"
              },
              {
                "name": "ProcedureAddress",
                "value": "0x72e8f0f0"
              },
              {
                "name": "ModuleAddress",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14737
          },
          {
            "timestamp": "2026-06-28 21:56:18,792",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "SetWindowsHookExW",
            "status": true,
            "return": "0x00280277",
            "arguments": [
              {
                "name": "HookIdentifier",
                "value": "2",
                "pretty_value": "WH_KEYBOARD"
              },
              {
                "name": "ProcedureAddress",
                "value": "0x72e8ef90"
              },
              {
                "name": "ModuleAddress",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 14738
          },
          {
            "timestamp": "2026-06-28 21:56:18,792",
            "thread_id": "2784",
            "caller": "0x09380b87",
            "parentcaller": "0x09380b2f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75164180"
              }
            ],
            "repeated": 0,
            "id": 14739
          },
          {
            "timestamp": "2026-06-28 21:56:18,792",
            "thread_id": "2784",
            "caller": "0x09380b41",
            "parentcaller": "0x07f3a008",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "ActivateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150ac0"
              }
            ],
            "repeated": 0,
            "id": 14740
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x07fa4fd3",
            "parentcaller": "0x07fa32d1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14741
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x07fa4fd3",
            "parentcaller": "0x07fa32d1",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093a0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14742
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x07fa4fd3",
            "parentcaller": "0x07fa32d1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14743
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x07fa4fd3",
            "parentcaller": "0x07fa32d1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowTextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5cda0"
              }
            ],
            "repeated": 0,
            "id": 14744
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x07fa339c",
            "parentcaller": "0x07fa32c1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "MapWindowPoints"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d570b0"
              }
            ],
            "repeated": 0,
            "id": 14745
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x09382244",
            "parentcaller": "0x09382128",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetLogFontW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7353f590"
              }
            ],
            "repeated": 0,
            "id": 14746
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x0938229f",
            "parentcaller": "0x09382128",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MSCOREE.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74650000"
              },
              {
                "name": "FunctionName",
                "value": "ND_WU1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74663c90"
              }
            ],
            "repeated": 0,
            "id": 14747
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x0930fda6",
            "parentcaller": "0x0938229f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "ND_WU1_RetAddr"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14748
          },
          {
            "timestamp": "2026-06-28 21:56:18,807",
            "thread_id": "2784",
            "caller": "0x0930fda6",
            "parentcaller": "0x0938229f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mscoreei.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x74200000"
              },
              {
                "name": "FunctionName",
                "value": "ND_WU1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x74214650"
              }
            ],
            "repeated": 0,
            "id": 14749
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x09382070",
            "parentcaller": "0x09381bbf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFontIndirect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14750
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x09382070",
            "parentcaller": "0x09381bbf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFontIndirectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015ef0"
              }
            ],
            "repeated": 0,
            "id": 14751
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x09382649",
            "parentcaller": "0x09381964",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14752
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x09382649",
            "parentcaller": "0x09381964",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57de0"
              }
            ],
            "repeated": 0,
            "id": 14753
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x07fa4dbc",
            "parentcaller": "0x093818cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x092fd000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14754
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x07fa5797",
            "parentcaller": "0x07f3a104",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "DeactivateActCtx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150aa0"
              }
            ],
            "repeated": 0,
            "id": 14755
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleEndPointID"
              },
              {
                "name": "Atom",
                "value": "0x0000c044"
              }
            ],
            "repeated": 0,
            "id": 14756
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755b2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14757
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755b2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14758
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14759
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000050a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14760
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000050a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Interface\\{00000160-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000160-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 14761
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\Interface\\{00000160-0000-0000-C000-000000000046}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000160-0000-0000-C000-000000000046}"
              }
            ],
            "repeated": 0,
            "id": 14762
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14763
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14764
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "@\\xcf\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xcc\\xcf|\\xcfp\\xcf\\x9a\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x19\\x00\\x02\\x00\\x18\\xd2\\xf3\\x00\\xbc^\\xb8u\\x9a\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14765
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 14766
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000059a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 14767
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 14768
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 14769
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\xcf\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xa4\\xcfT\\xcfH\\xcf\\x9e\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xf0\\xd1\\xf3\\x00\\xbc^\\xb8u\\x9e\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14770
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32"
              }
            ],
            "repeated": 0,
            "id": 14771
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{00000320-0000-0000-C000-000000000046}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 14772
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059e"
              }
            ],
            "repeated": 0,
            "id": 14773
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059a"
              }
            ],
            "repeated": 0,
            "id": 14774
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14775
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000598"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 14776
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14777
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14778
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb4b3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x12\\x00\\x00\\x00$s\\xbe\\x07\\xcf\\x05\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14779
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd0\\xf04\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xc2\\x10\\xcf\\xce"
              }
            ],
            "repeated": 0,
            "id": 14780
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14781
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcc\\x1f4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14782
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14783
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ",\"3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14784
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00(\"3\\x01\\x00\\x00#\\x00T\\xd3H\\xd3\\x9c\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x9c\\x05\\x00\\x00\\x9c\\xd3\\xf3\\x00\\x83\\x91\\xf5v\\x9c\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14785
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t\\xfb\\x87@vD\\xce\\xf3\\x00\\x9c\\x05\\x00\\x00\\xf8\\xdc\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xffT\\xd3\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14786
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14787
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14g3\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10@)\\x01u`\\x00\\x06\\x00\\xc67\\x08lKD\\x08\\x06\\x00\\x00\\x00\\x18 2\\x01"
              }
            ],
            "repeated": 0,
            "id": 14788
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x80\\xf14\\x01`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x06\\xb69\\x08h\\xa91\\x01,\\x90\\xc3\\x07\\xa1\\xf14\\x01\\x05\\x00\\xc3\\x070 2\\x01\\xec!\\xb3\\x07\\x10@)\\x01\\xfd\\x0e\\x00\\x06\\x83W9\\x088\\x10A\\x08\\x03\\x00\\x00\\x000 2\\x01\\xb2\\xc2\\xf8\\xf8"
              }
            ],
            "repeated": 0,
            "id": 14789
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14790
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf4\\x1f4\\x01\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14791
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14792
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xcc#3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 14793
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00\\xc8#3\\x01\\x00\\x00#\\x00<\\xd10\\xd1\\x9c\\x05\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0\\x9c\\x05\\x00\\x00\\x84\\xd1\\xf3\\x00\\x83\\x91\\xf5v\\x9c\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14794
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t\\x13\\x84@v,\\xcc\\xf3\\x00\\x9c\\x05\\x00\\x00\\xf8\\xdc\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff<\\xd1\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 14795
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000598"
              }
            ],
            "repeated": 0,
            "id": 14796
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14797
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleEndPointID"
              },
              {
                "name": "Atom",
                "value": "0x0000c044"
              }
            ],
            "repeated": 0,
            "id": 14798
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14799
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Ole\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 14800
          },
          {
            "timestamp": "2026-06-28 21:56:18,823",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000059c"
              },
              {
                "name": "ValueName",
                "value": "DragDropExtension"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension"
              }
            ],
            "repeated": 0,
            "id": 14801
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dxgi"
              },
              {
                "name": "DllBase",
                "value": "0x721f0000"
              }
            ],
            "repeated": 0,
            "id": 14802
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\d3d11"
              },
              {
                "name": "DllBase",
                "value": "0x72430000"
              }
            ],
            "repeated": 0,
            "id": 14803
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dcomp"
              },
              {
                "name": "DllBase",
                "value": "0x722c0000"
              }
            ],
            "repeated": 0,
            "id": 14804
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\dataexchange"
              },
              {
                "name": "DllBase",
                "value": "0x72610000"
              }
            ],
            "repeated": 0,
            "id": 14805
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 14806
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\dataexchange.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72610000"
              }
            ],
            "repeated": 0,
            "id": 14807
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9FC8E510-A27C-4B3B-B9A3-BF65F00256A8"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "043250DB-3B6A-4141-8F21-AA2ED2BE3355"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14808
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14809
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7263d000"
              },
              {
                "name": "ModuleName",
                "value": "dataexchange.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14810
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7263d000"
              },
              {
                "name": "ModuleName",
                "value": "dataexchange.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14811
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "twinapi.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 14812
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 14813
          },
          {
            "timestamp": "2026-06-28 21:56:18,839",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 14814
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\twinapi.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 14815
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005bc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72060000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0018f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14816
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14817
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14818
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14819
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721ce000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14820
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005bc"
              }
            ],
            "repeated": 0,
            "id": 14821
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14822
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721ce000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14823
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00y\\x00s\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00\\\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00d\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00H\\xec\\xb0\\x07\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00x\\xec\\xb0\\x07\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\xec\\xb0\\x07\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\xe9\\xb0\\x07\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\xec\\xb0\\x07\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xdc\\x13:\t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x13:\t\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xcc\\x13:\t"
              }
            ],
            "repeated": 0,
            "id": 14824
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14825
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14826
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14827
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\system32\\twinapi.appcore.dll"
              }
            ],
            "repeated": 0,
            "id": 14828
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000059c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\twinapi.appcore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 14829
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000059c"
              }
            ],
            "repeated": 0,
            "id": 14830
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\twinapi.appcore"
              },
              {
                "name": "DllBase",
                "value": "0x72060000"
              }
            ],
            "repeated": 0,
            "id": 14831
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\twinapi.appcore"
              },
              {
                "name": "BaseAddress",
                "value": "0x72060000"
              },
              {
                "name": "InitRoutine",
                "value": "0x720e3930"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 14832
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7263d000"
              },
              {
                "name": "ModuleName",
                "value": "dataexchange.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14833
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7263d000"
              },
              {
                "name": "ModuleName",
                "value": "dataexchange.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14834
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14835
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14836
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14837
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14838
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:70318"
              }
            ],
            "repeated": 0,
            "id": 14839
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aa40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00080000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14840
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aa40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14841
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 14842
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089c8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14843
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xb8\\x9c\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14844
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005cc"
              }
            ],
            "repeated": 0,
            "id": 14845
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:70318"
              }
            ],
            "repeated": 0,
            "id": 14846
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:70318"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14847
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dcd4"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14848
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14849
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14850
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x721d2000"
              },
              {
                "name": "ModuleName",
                "value": "twinapi.appcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14851
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72060000"
              }
            ],
            "repeated": 0,
            "id": 14852
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 14853
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xe0\\x9c\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 14854
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 14855
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:70318"
              }
            ],
            "repeated": 0,
            "id": 14856
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dcfc"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14857
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14858
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d0"
              }
            ],
            "repeated": 0,
            "id": 14859
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:70318"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14860
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dd24"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14861
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 14862
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x0001010a",
            "arguments": [
              {
                "name": "ClassName",
                "value": "ApplicationManager_DesktopShellWindow"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14863
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "{DADEF92C-227E-46C0-93C0-9FFFA4DC07D9}"
              },
              {
                "name": "Atom",
                "value": "0x0000c01f"
              }
            ],
            "repeated": 0,
            "id": 14864
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0001010a"
              },
              {
                "name": "Message",
                "value": "0x0000c0c3"
              }
            ],
            "repeated": 0,
            "id": 14865
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089d1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14866
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000006"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\windows_ie_global_counters"
              }
            ],
            "repeated": 0,
            "id": 14867
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d4"
              }
            ],
            "repeated": 0,
            "id": 14868
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 14869
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 14870
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "2"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14871
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "2"
              },
              {
                "name": "TokenInformation",
                "value": "\\x0e\\x00\\x00\\x00\\x1c\\xdf4\\x01\\x07\\x00\\x00\\x008\\xdf4\\x01\\x07\\x00\\x00\\x00D\\xdf4\\x01\\x10\\x00\\x00\\x00P\\xdf4\\x01\\x10\\x00\\x00\\x00`\\xdf4\\x01\\x07\\x00\\x00\\x00p\\xdf4\\x01\\x07\\x00\\x00\\x00|\\xdf4\\x01\\x07\\x00\\x00\\x00\\x88\\xdf4\\x01\\x07\\x00\\x00\\x00\\x94\\xdf4\\x01\\x07\\x00\\x00\\x00\\xa0\\xdf4\\x01\\x07\\x00\\x00\\x00\\xac\\xdf4\\x01\\x07\\x00\\x00\\xc0\\xc0\\xdf4\\x01\\x07\\x00\\x00\\x00\\xcc\\xdf4\\x01\\x07\\x00\\x00\\x00\\xdc\\xdf4\\x01`\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05r\\x00\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00!\\x02\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x01\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x0b\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x0f\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05"
              }
            ],
            "repeated": 0,
            "id": 14872
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14873
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "sechost.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a00000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertSidToStringSidW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75a14d20"
              }
            ],
            "repeated": 0,
            "id": 14874
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14875
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005d8"
              }
            ],
            "repeated": 0,
            "id": 14876
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14877
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "sechost.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a00000"
              },
              {
                "name": "FunctionName",
                "value": "ConvertStringSecurityDescriptorToSecurityDescriptorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75a10c50"
              }
            ],
            "repeated": 0,
            "id": 14878
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14879
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\windows_ie_global_counters"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 14880
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0x000005d8"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000005d8"
              },
              {
                "name": "Options",
                "value": "0x00000001"
              }
            ],
            "repeated": 0,
            "id": 14881
          },
          {
            "timestamp": "2026-06-28 21:56:18,854",
            "thread_id": "2784",
            "caller": "0x0930fb63",
            "parentcaller": "0x0930f8f0",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3e5cc"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14882
          },
          {
            "timestamp": "2026-06-28 21:56:18,870",
            "thread_id": "2784",
            "caller": "0x093843e5",
            "parentcaller": "0x09383fbd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08002000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14883
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x09385638",
            "parentcaller": "0x09384ff8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetParent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62c10"
              }
            ],
            "repeated": 0,
            "id": 14884
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x09385f62",
            "parentcaller": "0x09385e6b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d612b0"
              }
            ],
            "repeated": 0,
            "id": 14885
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x09385f8d",
            "parentcaller": "0x09385e6b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015fe0"
              }
            ],
            "repeated": 0,
            "id": 14886
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x093860a1",
            "parentcaller": "0x09385fac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "ReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d60c50"
              }
            ],
            "repeated": 0,
            "id": 14887
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x09385c5a",
            "parentcaller": "0x093856ba",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093a4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14888
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x093865f9",
            "parentcaller": "0x09386467",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0463b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14889
          },
          {
            "timestamp": "2026-06-28 21:56:18,885",
            "thread_id": "2784",
            "caller": "0x08b86063",
            "parentcaller": "0x08b82342",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowPos"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64c30"
              }
            ],
            "repeated": 0,
            "id": 14890
          },
          {
            "timestamp": "2026-06-28 21:56:18,901",
            "thread_id": "2784",
            "caller": "0x07faf359",
            "parentcaller": "0x08b84ce7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextLength"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14891
          },
          {
            "timestamp": "2026-06-28 21:56:18,901",
            "thread_id": "2784",
            "caller": "0x07faf359",
            "parentcaller": "0x08b84ce7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextLengthW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5cd50"
              }
            ],
            "repeated": 0,
            "id": 14892
          },
          {
            "timestamp": "2026-06-28 21:56:18,901",
            "thread_id": "2784",
            "caller": "0x07faf365",
            "parentcaller": "0x08b84ce7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d571c0"
              }
            ],
            "repeated": 0,
            "id": 14893
          },
          {
            "timestamp": "2026-06-28 21:56:18,901",
            "thread_id": "2784",
            "caller": "0x07faf3b7",
            "parentcaller": "0x08b84ce7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14894
          },
          {
            "timestamp": "2026-06-28 21:56:18,901",
            "thread_id": "2784",
            "caller": "0x07faf3b7",
            "parentcaller": "0x08b84ce7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowTextW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5c5e0"
              }
            ],
            "repeated": 0,
            "id": 14895
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14896
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 14897
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000008"
              }
            ],
            "repeated": 0,
            "id": 14898
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75450000"
              }
            ],
            "repeated": 0,
            "id": 14899
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75450000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 14900
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "9"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7546e610"
              }
            ],
            "repeated": 0,
            "id": 14901
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14902
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14903
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "4"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7546f610"
              }
            ],
            "repeated": 0,
            "id": 14904
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387de8",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14905
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14906
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\PROPSYS"
              },
              {
                "name": "DllBase",
                "value": "0x71f90000"
              }
            ],
            "repeated": 0,
            "id": 14907
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71f90000"
              }
            ],
            "repeated": 0,
            "id": 14908
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71f90000"
              },
              {
                "name": "FunctionName",
                "value": "VariantToStringWithDefault"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71fd4e70"
              }
            ],
            "repeated": 0,
            "id": 14909
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14910
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14911
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 14912
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "CreateUriCacheSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize"
              }
            ],
            "repeated": 0,
            "id": 14913
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14914
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 14915
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "CreateUriCacheSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize"
              }
            ],
            "repeated": 0,
            "id": 14916
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14917
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 14918
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "CreateUriCacheSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize"
              }
            ],
            "repeated": 0,
            "id": 14919
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14920
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 14921
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "CreateUriCacheSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize"
              }
            ],
            "repeated": 0,
            "id": 14922
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "EnablePunycode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode"
              }
            ],
            "repeated": 0,
            "id": 14923
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "EnablePunycode"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode"
              }
            ],
            "repeated": 0,
            "id": 14924
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "EnablePunycode"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode"
              }
            ],
            "repeated": 0,
            "id": 14925
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "EnablePunycode"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode"
              }
            ],
            "repeated": 0,
            "id": 14926
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14927
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 14928
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ValueName",
                "value": "Security_HKLM_only"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only"
              }
            ],
            "repeated": 0,
            "id": 14929
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f8"
              }
            ],
            "repeated": 0,
            "id": 14930
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14931
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 14932
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14933
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 14934
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14935
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 14936
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14937
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl"
              }
            ],
            "repeated": 0,
            "id": 14938
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562"
              }
            ],
            "repeated": 0,
            "id": 14939
          },
          {
            "timestamp": "2026-06-28 21:56:18,917",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION"
              }
            ],
            "repeated": 0,
            "id": 14940
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_URI_DISABLECACHE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE"
              }
            ],
            "repeated": 0,
            "id": 14941
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_INTERNET_SHELL_FOLDERS"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS"
              }
            ],
            "repeated": 0,
            "id": 14942
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 14943
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005dc"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\*"
              }
            ],
            "repeated": 0,
            "id": 14944
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005dc"
              }
            ],
            "repeated": 0,
            "id": 14945
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14946
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866660"
              }
            ],
            "repeated": 0,
            "id": 14947
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14948
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14949
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14950
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14951
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\msIso"
              },
              {
                "name": "DllBase",
                "value": "0x71f40000"
              }
            ],
            "repeated": 0,
            "id": 14952
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "msIso.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71f40000"
              }
            ],
            "repeated": 0,
            "id": 14953
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "msIso.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71f40000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "21"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71f69b40"
              }
            ],
            "repeated": 0,
            "id": 14954
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14955
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14956
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Internet Explorer\\MAIN"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN"
              }
            ],
            "repeated": 0,
            "id": 14957
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NavigationDelay"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\NavigationDelay"
              }
            ],
            "repeated": 0,
            "id": 14958
          },
          {
            "timestamp": "2026-06-28 21:56:18,932",
            "thread_id": "2784",
            "caller": "0x09387eb3",
            "parentcaller": "0x09387d3a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14959
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14960
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "OLEAUT32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "149"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75466150"
              }
            ],
            "repeated": 0,
            "id": 14961
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7418b000"
              },
              {
                "name": "ModuleName",
                "value": "clr.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14962
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14963
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76873000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14964
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14965
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14966
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14967
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76240000"
              },
              {
                "name": "ModuleName",
                "value": "SHLWAPI.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 14968
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14969
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14970
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 14971
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14972
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14973
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14974
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesMyComputer"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer"
              }
            ],
            "repeated": 0,
            "id": 14975
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14976
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14977
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14978
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 14979
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14980
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14981
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14982
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoPropertiesRecycleBin"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin"
              }
            ],
            "repeated": 0,
            "id": 14983
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14984
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14985
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14986
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 14987
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14988
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14989
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14990
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoControlPanel"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel"
              }
            ],
            "repeated": 0,
            "id": 14991
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14992
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14993
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14994
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 14995
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 14996
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 14997
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 14998
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoSetFolders"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders"
              }
            ],
            "repeated": 0,
            "id": 14999
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15000
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15001
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15002
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 15003
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15004
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15005
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15006
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoInternetIcon"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon"
              }
            ],
            "repeated": 0,
            "id": 15007
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15008
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15009
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15010
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15011
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 15012
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 15013
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15014
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15015
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 15016
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 15017
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15018
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15019
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15020
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15021
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15022
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 15023
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15024
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15025
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15026
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "NoCommonGroups"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups"
              }
            ],
            "repeated": 0,
            "id": 15027
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15028
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15029
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15030
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15031
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7565c000"
              },
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15032
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15033
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15034
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15035
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15036
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15037
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15038
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15039
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15040
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15041
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0v\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbcvlv`v\\x02\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08y\\xf3\\x00\\xbc^\\xb8u\\x02\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15042
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15043
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "36"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15044
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15045
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15046
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0v\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbcvlv`v\\x02\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08y\\xf3\\x00\\xbc^\\xb8u\\x02\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15047
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15048
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "ValueName",
                "value": "CallForAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes"
              }
            ],
            "repeated": 0,
            "id": 15049
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15050
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15051
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0v\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbcvlv`v\\x02\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08y\\xf3\\x00\\xbc^\\xb8u\\x02\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15052
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15053
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "ValueName",
                "value": "RestrictedAttributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes"
              }
            ],
            "repeated": 0,
            "id": 15054
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15055
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15056
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "0v\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00\\xbcvlv`v\\x02\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x08y\\xf3\\x00\\xbc^\\xb8u\\x02\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15057
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15058
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000602"
              },
              {
                "name": "ValueName",
                "value": "FolderValueFlags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "131602"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags"
              }
            ],
            "repeated": 0,
            "id": 15059
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000602"
              }
            ],
            "repeated": 0,
            "id": 15060
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15061
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15062
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15063
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder"
              }
            ],
            "repeated": 0,
            "id": 15064
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1048576"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 15065
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15066
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15067
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 15068
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15069
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum"
              }
            ],
            "repeated": 0,
            "id": 15070
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "{871C5380-42A0-1069-A2EA-08002B30309D}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}"
              }
            ],
            "repeated": 0,
            "id": 15071
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15072
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15073
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15074
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15075
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15076
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15077
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15078
          },
          {
            "timestamp": "2026-06-28 21:56:18,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 15079
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 15080
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000606"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15081
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000606"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15082
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xe8n\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00to$o\\x18o\\x06\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xc0q\\xf3\\x00\\xbc^\\xb8u\\x06\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15083
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 15084
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000606"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 15085
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000606"
              }
            ],
            "repeated": 0,
            "id": 15086
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 15087
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 15088
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 15089
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\urlmon.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15090
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000604"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 15091
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x001a8000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15092
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15093
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15094
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15095
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ecf000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15096
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 15097
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 15098
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 15099
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 15100
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 15101
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srvcli.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15102
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000604"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 15103
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000608"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0001d000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15104
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d8a000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15105
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15106
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15107
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d89000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15108
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000608"
              }
            ],
            "repeated": 0,
            "id": 15109
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 15110
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ecf000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15111
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x15\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00Y\\x00S\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x002\\x00\\\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00o\\x00n\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00e\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00r\\x00l\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00d\\x00l\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x08\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08*\t9\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x06 \\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x11\\x049\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\xdc"
              }
            ],
            "repeated": 0,
            "id": 15112
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d89000"
              },
              {
                "name": "ModuleName",
                "value": "srvcli.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15113
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15114
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15115
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15116
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\srvcli.dll"
              }
            ],
            "repeated": 0,
            "id": 15117
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srvcli.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15118
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 15119
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\srvcli"
              },
              {
                "name": "DllBase",
                "value": "0x71d70000"
              }
            ],
            "repeated": 0,
            "id": 15120
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15121
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15122
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15123
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\urlmon.dll"
              }
            ],
            "repeated": 0,
            "id": 15124
          },
          {
            "timestamp": "2026-06-28 21:56:18,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000604"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\urlmon.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15125
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000604"
              }
            ],
            "repeated": 0,
            "id": 15126
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\urlmon"
              },
              {
                "name": "DllBase",
                "value": "0x71d90000"
              }
            ],
            "repeated": 0,
            "id": 15127
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15128
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters"
              }
            ],
            "repeated": 0,
            "id": 15129
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000600"
              },
              {
                "name": "ValueName",
                "value": "RpcCacheTimeout"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout"
              }
            ],
            "repeated": 0,
            "id": 15130
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000600"
              }
            ],
            "repeated": 0,
            "id": 15131
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\srvcli"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d70000"
              },
              {
                "name": "InitRoutine",
                "value": "0x71d74cb0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15132
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 15133
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlIsMultiSessionSku"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f2d810"
              }
            ],
            "repeated": 0,
            "id": 15134
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15135
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15136
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\urlmon"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d90000"
              },
              {
                "name": "InitRoutine",
                "value": "0x71e13170"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15137
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15138
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74c81000"
              },
              {
                "name": "ModuleName",
                "value": "windows.storage.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15139
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x093899f2",
            "parentcaller": "0x093873b4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093c1000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15140
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_IEDDE_REGISTER_PROTOCOL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IEDDE_REGISTER_PROTOCOL"
              }
            ],
            "repeated": 0,
            "id": 15141
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15142
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "msIso.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71f40000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "22"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71f691e0"
              }
            ],
            "repeated": 0,
            "id": 15143
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15144
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15145
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoTaskMemFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75866b20"
              }
            ],
            "repeated": 0,
            "id": 15146
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15147
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15148
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x755e0000"
              },
              {
                "name": "FunctionName",
                "value": "IUnknown_Set"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75614310"
              }
            ],
            "repeated": 0,
            "id": 15149
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15150
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 15151
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 15152
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 15153
          },
          {
            "timestamp": "2026-06-28 21:56:18,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 15154
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 15155
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 15156
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 15157
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15158
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 15159
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15160
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15161
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15162
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000618"
              }
            ],
            "repeated": 1,
            "id": 15163
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15164
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 15165
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": "ValidateRegItems"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems"
              }
            ],
            "repeated": 0,
            "id": 15166
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15167
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15168
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace"
              }
            ],
            "repeated": 0,
            "id": 15169
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": "MonitorRegistry"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry"
              }
            ],
            "repeated": 0,
            "id": 15170
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15171
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15172
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "18"
              },
              {
                "name": "TokenInformation",
                "value": "\\x03\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15173
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15174
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15175
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15176
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15177
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 15178
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 15179
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061e"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15180
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061e"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15181
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8n\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00do\\x14o\\x08o\\x1e\\x06\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\xb0q\\xf3\\x00\\xbc^\\xb8u\\x1e\\x06\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15182
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32"
              }
            ],
            "repeated": 0,
            "id": 15183
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061e"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemRoot%\\system32\\windows.storage.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 15184
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061e"
              }
            ],
            "repeated": 0,
            "id": 15185
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15186
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView"
              }
            ],
            "repeated": 0,
            "id": 15187
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{C2EA74E0-0ED2-11CF-A9BB-00AA004AE837}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 15188
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15189
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "C2EA74E0-0ED2-11CF-A9BB-00AA004AE837"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "000214EA-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15190
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15191
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x755e0000"
              },
              {
                "name": "FunctionName",
                "value": "IUnknown_SetSite"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75616bb0"
              }
            ],
            "repeated": 0,
            "id": 15192
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15193
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15194
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x76872000"
              },
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15195
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15196
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15197
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": "NoFileMenu"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu"
              }
            ],
            "repeated": 0,
            "id": 15198
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15199
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15200
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15201
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000061c"
              },
              {
                "name": "ValueName",
                "value": "NoFileMenu"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu"
              }
            ],
            "repeated": 0,
            "id": 15202
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000061c"
              }
            ],
            "repeated": 0,
            "id": 15203
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 15204
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\ieframe.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15205
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000061c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\ieframe.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15206
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000061c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\ieframe.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 15207
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000620"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aac0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f34ec8"
              },
              {
                "name": "ViewSize",
                "value": "0x001ab000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15208
          },
          {
            "timestamp": "2026-06-28 21:56:18,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 15209
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15210
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoInitializeEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75807f20"
              }
            ],
            "repeated": 0,
            "id": 15211
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15212
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15213
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75807f70"
              }
            ],
            "repeated": 0,
            "id": 15214
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15215
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15216
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "urlmon.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d90000"
              }
            ],
            "repeated": 0,
            "id": 15217
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "CreateURLMonikerEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71e02300"
              }
            ],
            "repeated": 0,
            "id": 15218
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15219
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c3b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15220
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c3b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15221
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15222
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15223
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15224
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PROTOCOLS\\Name-Space Handler\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\"
              }
            ],
            "repeated": 0,
            "id": 15225
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\PROTOCOLS\\Name-Space Handler"
              }
            ],
            "repeated": 0,
            "id": 15226
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15227
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15228
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15229
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PROTOCOLS\\Name-Space Handler\\about\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\about\\"
              }
            ],
            "repeated": 0,
            "id": 15230
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15231
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15232
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15233
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15234
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PROTOCOLS\\Name-Space Handler\\*\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*\\"
              }
            ],
            "repeated": 0,
            "id": 15235
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*"
              }
            ],
            "repeated": 0,
            "id": 15236
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000622"
              }
            ],
            "repeated": 0,
            "id": 15237
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15238
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15239
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15240
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15241
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000620"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15242
          },
          {
            "timestamp": "2026-06-28 21:56:19,010",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000620"
              }
            ],
            "repeated": 0,
            "id": 15243
          },
          {
            "timestamp": "2026-06-28 21:56:19,042",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\powrprof"
              },
              {
                "name": "DllBase",
                "value": "0x70ac0000"
              }
            ],
            "repeated": 0,
            "id": 15244
          },
          {
            "timestamp": "2026-06-28 21:56:19,042",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\mshtml"
              },
              {
                "name": "DllBase",
                "value": "0x70b10000"
              }
            ],
            "repeated": 0,
            "id": 15245
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\UMPDC"
              },
              {
                "name": "DllBase",
                "value": "0x70ab0000"
              }
            ],
            "repeated": 0,
            "id": 15246
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "CRYPTBASE.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x742c0000"
              }
            ],
            "repeated": 0,
            "id": 15247
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "msiso.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71f40000"
              }
            ],
            "repeated": 0,
            "id": 15248
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70b10000"
              }
            ],
            "repeated": 0,
            "id": 15249
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15250
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755b2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15251
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x755b2000"
              },
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15252
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15253
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "CreateAsyncBindCtxEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71db7970"
              }
            ],
            "repeated": 0,
            "id": 15254
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15255
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15256
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterBindStatusCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71e06280"
              }
            ],
            "repeated": 0,
            "id": 15257
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15258
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15259
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\MediaTypeClass"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\MediaTypeClass"
              }
            ],
            "repeated": 0,
            "id": 15260
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15261
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "484"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71dfc790"
              }
            ],
            "repeated": 0,
            "id": 15262
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15263
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15264
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15265
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15266
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Accepted Documents"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Accepted Documents"
              }
            ],
            "repeated": 0,
            "id": 15267
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15268
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15269
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15270
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15271
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15272
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15273
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15274
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 15275
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15276
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15277
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 15278
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 15279
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 15280
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 15281
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 1,
            "id": 15282
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 15283
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15284
          },
          {
            "timestamp": "2026-06-28 21:56:19,104",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15285
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089eb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15286
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15287
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15288
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15289
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15290
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15291
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 15292
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15293
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15294
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15295
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15296
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "444"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71de9cc0"
              }
            ],
            "repeated": 0,
            "id": 15297
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15298
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 15299
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlGetDeviceFamilyInfoEnum"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6b9c0"
              }
            ],
            "repeated": 0,
            "id": 15300
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "Kernel-OneCore-DeviceFamilyID"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 15301
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_BROWSER_EMULATION"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION"
              }
            ],
            "repeated": 0,
            "id": 15302
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15303
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*"
              }
            ],
            "repeated": 0,
            "id": 15304
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 15305
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615"
              }
            ],
            "repeated": 0,
            "id": 15306
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15307
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "UrlMkGetSessionOption"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71dbbdb0"
              }
            ],
            "repeated": 0,
            "id": 15308
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15309
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15310
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15311
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15312
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15313
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 15314
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15315
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "CoInternetCreateSecurityManager"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71ddf940"
              }
            ],
            "repeated": 0,
            "id": 15316
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15317
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15318
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              }
            ],
            "repeated": 0,
            "id": 15319
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "ValueName",
                "value": "Security_HKLM_only"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only"
              }
            ],
            "repeated": 0,
            "id": 15320
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000644"
              }
            ],
            "repeated": 0,
            "id": 15321
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915"
              }
            ],
            "repeated": 0,
            "id": 15322
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15323
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              }
            ],
            "repeated": 0,
            "id": 15324
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15325
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              }
            ],
            "repeated": 0,
            "id": 15326
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15327
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              }
            ],
            "repeated": 0,
            "id": 15328
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15329
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ZoneMap\\Ranges\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\"
              }
            ],
            "repeated": 0,
            "id": 15330
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15331
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ZoneMap\\Ranges\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\ZoneMap\\Ranges\\"
              }
            ],
            "repeated": 0,
            "id": 15332
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15333
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ZoneMap\\Ranges\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\"
              }
            ],
            "repeated": 0,
            "id": 15334
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 15335
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001"
              }
            ],
            "repeated": 0,
            "id": 15336
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15337
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000644"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies"
              }
            ],
            "repeated": 0,
            "id": 15338
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15339
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000648"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies"
              }
            ],
            "repeated": 0,
            "id": 15340
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15341
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000064c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software"
              }
            ],
            "repeated": 0,
            "id": 15342
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15343
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000650"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software"
              }
            ],
            "repeated": 0,
            "id": 15344
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15345
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 15346
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "KeyInformation",
                "value": "\\xff95\\xffc2\\xffca'\\xffdf\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\n\\x00\\x00\\x00\\x01\\x00\\x00\\x00*\\x00\\x00\\x00\\x04\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15347
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 15348
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15349
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"
              }
            ],
            "repeated": 0,
            "id": 15350
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15351
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 15352
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffddy+\\xffefv\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15353
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000654"
              }
            ],
            "repeated": 0,
            "id": 15354
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15355
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"
              }
            ],
            "repeated": 0,
            "id": 15356
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15357
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtCreateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000654"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "Disposition",
                "value": "2",
                "pretty_value": "REG_OPENED_EXISTING_KEY"
              }
            ],
            "repeated": 0,
            "id": 15358
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15359
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000658"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 15360
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15361
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 15362
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15363
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 15364
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15365
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 15366
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15367
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "522"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71dff620"
              }
            ],
            "repeated": 0,
            "id": 15368
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15369
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER"
              }
            ],
            "repeated": 0,
            "id": 15370
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15371
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 15372
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "KeyInformation",
                "value": "s\\xff820 }\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15373
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 15374
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15375
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15376
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 15377
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15378
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15379
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 15380
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15381
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15382
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000065c"
              }
            ],
            "repeated": 0,
            "id": 15383
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15384
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15385
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 15386
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\UrlZonesSM_Rajesh"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15387
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000065c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ad90000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f32390"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15388
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15389
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\Setup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\Setup"
              }
            ],
            "repeated": 0,
            "id": 15390
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "SystemSetupInProgress"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress"
              }
            ],
            "repeated": 0,
            "id": 15391
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15392
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15393
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15394
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15395
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 15396
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15397
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 15398
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15399
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 15400
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15401
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 15402
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000664"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15403
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              }
            ],
            "repeated": 0,
            "id": 15404
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15405
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15406
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15407
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15408
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15409
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15410
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15411
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15412
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15413
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15414
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15415
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15416
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15417
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15418
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000664"
              },
              {
                "name": "MutexName",
                "value": "Local\\ZonesCacheCounterMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15419
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15420
          },
          {
            "timestamp": "2026-06-28 21:56:19,120",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15421
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15422
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15423
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15424
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15425
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15426
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15427
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15428
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15429
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "33"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15430
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15431
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 15432
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15433
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15434
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15435
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15436
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15437
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15438
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15439
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15440
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15441
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15442
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15443
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "219"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15444
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15445
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 15446
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "ProxyBypass"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass"
              }
            ],
            "repeated": 0,
            "id": 15447
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "IntranetName"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
              }
            ],
            "repeated": 0,
            "id": 15448
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "UNCAsIntranet"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet"
              }
            ],
            "repeated": 0,
            "id": 15449
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "AutoDetect"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "0"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
              }
            ],
            "repeated": 0,
            "id": 15450
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15451
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15452
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 15453
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 15454
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15455
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15456
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15457
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15458
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15459
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15460
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15461
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15462
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15463
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15464
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "71"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15465
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15466
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 15467
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15468
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15469
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15470
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15471
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15472
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15473
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15474
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15475
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15476
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15477
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15478
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15479
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15480
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 15481
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15482
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15483
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000668"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15484
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15485
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15486
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15487
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15488
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15489
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15490
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15491
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15492
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15493
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15494
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              }
            ],
            "repeated": 0,
            "id": 15495
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 15496
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15497
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_LOCALMACHINE_LOCKDOWN"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN"
              }
            ],
            "repeated": 0,
            "id": 15498
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15499
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\*"
              }
            ],
            "repeated": 0,
            "id": 15500
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15501
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15502
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15503
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15504
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15505
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15506
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15507
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15508
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15509
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15510
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15511
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15512
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\"
              }
            ],
            "repeated": 0,
            "id": 15513
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15514
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000668"
              },
              {
                "name": "MutexName",
                "value": "Local\\ZonesLockedCacheCounterMutex"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15515
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15516
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15517
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15518
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15519
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15520
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15521
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15522
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15523
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15524
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 15525
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "33"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15526
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15527
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15528
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15529
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15530
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15531
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15532
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15533
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15534
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15535
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15536
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15537
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15538
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 15539
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "219"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15540
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15541
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0002001f",
                "pretty_value": "KEY_READ|KEY_WRITE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 15542
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "ProxyBypass"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass"
              }
            ],
            "repeated": 0,
            "id": 15543
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "IntranetName"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
              }
            ],
            "repeated": 0,
            "id": 15544
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "UNCAsIntranet"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "1"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet"
              }
            ],
            "repeated": 0,
            "id": 15545
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "AutoDetect"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Buffer",
                "value": "0"
              },
              {
                "name": "BufferLength",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
              }
            ],
            "repeated": 0,
            "id": 15546
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 15547
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15548
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15549
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 15550
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15551
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15552
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15553
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15554
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15555
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15556
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15557
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15558
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15559
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 15560
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "71"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15561
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15562
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15563
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15564
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15565
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15566
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15567
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15568
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15569
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15570
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15571
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15572
          },
          {
            "timestamp": "2026-06-28 21:56:19,135",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15573
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15574
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15575
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15576
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15577
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15578
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15579
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15580
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15581
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15582
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15583
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15584
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15585
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15586
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15587
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 15588
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags"
              }
            ],
            "repeated": 0,
            "id": 15589
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15590
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 15591
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 15592
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15593
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15594
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15595
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15596
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15597
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15598
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15599
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15600
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15601
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15602
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15603
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15604
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15605
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15606
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15607
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000654"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Domains\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              }
            ],
            "repeated": 0,
            "id": 15608
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "KeyInformation",
                "value": "^\\xffee\\xffb0\\xfff6v\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15609
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15610
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15611
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\"
              }
            ],
            "repeated": 0,
            "id": 15612
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000654"
              },
              {
                "name": "ObjectAttributesName",
                "value": "ProtocolDefaults\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\"
              }
            ],
            "repeated": 0,
            "id": 15613
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "KeyInformation",
                "value": "^\\xffee\\xffb0\\xfff6v\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x04\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 15614
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15615
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15616
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15617
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15618
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15619
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15620
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15621
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15622
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000660"
              }
            ],
            "repeated": 0,
            "id": 15623
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15624
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 15625
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 15626
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15627
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 15628
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 15629
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15630
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15631
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15632
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15633
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15634
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15635
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15636
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15637
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15638
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15639
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15640
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_MIME_HANDLING"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING"
              }
            ],
            "repeated": 0,
            "id": 15641
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15642
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\*"
              }
            ],
            "repeated": 0,
            "id": 15643
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15644
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15645
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71ed3000"
              },
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15646
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15647
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15648
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15649
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15650
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15651
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15652
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15653
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae40000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15654
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15655
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15656
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_OLEALIAS_GWND"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OLEALIAS_GWND"
              }
            ],
            "repeated": 0,
            "id": 15657
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_TOPMOST_GWND"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_TOPMOST_GWND"
              }
            ],
            "repeated": 0,
            "id": 15658
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae3e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15659
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 15660
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetCoalescableTimer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64950"
              }
            ],
            "repeated": 0,
            "id": 15661
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15662
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15663
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 15664
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 15665
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000046"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15666
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 15667
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15668
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15669
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 15670
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15671
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000103e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15672
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae48000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15673
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae4a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15674
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae4c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15675
          },
          {
            "timestamp": "2026-06-28 21:56:19,151",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae4e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15676
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15677
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              }
            ],
            "repeated": 0,
            "id": 15678
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0adc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15679
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 15680
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 15681
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 15682
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000067c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15683
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2784"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 15684
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15685
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15686
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0adc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 15687
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x726e0000"
              }
            ],
            "repeated": 0,
            "id": 15688
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x726e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15689
          },
          {
            "timestamp": "2026-06-28 21:56:19,167",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000067c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15690
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000688"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x74e26d60"
              },
              {
                "name": "Parameter",
                "value": "0x0968c370"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "3812"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "msvcrt.dll"
              }
            ],
            "repeated": 0,
            "id": 15691
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x00000688",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x74e26d60"
              },
              {
                "name": "ModuleName",
                "value": "msvcrt.dll"
              },
              {
                "name": "Parameter",
                "value": "0x0968c370"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "3812"
              }
            ],
            "repeated": 0,
            "id": 15692
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3812",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089ed000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15693
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3812",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15694
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3812",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15695
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "OLEAUT32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              }
            ],
            "repeated": 0,
            "id": 15696
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3812",
            "caller": "0x76f6b4e6",
            "parentcaller": "0x75bab545",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "12"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "3812"
              }
            ],
            "repeated": 0,
            "id": 15697
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 15698
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 15699
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 15700
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 15701
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15702
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 15703
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15704
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3812",
            "caller": "0x76f6b509",
            "parentcaller": "0x75bab545",
            "category": "threading",
            "api": "NtTerminateThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x00000000"
              },
              {
                "name": "ExitStatus",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "0"
              },
              {
                "name": "ProcessId",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15705
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 15706
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3472",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15707
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3472",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15708
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3472",
            "caller": "0x75b8f11f",
            "parentcaller": "0x758069c0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "oleaut32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75450000"
              }
            ],
            "repeated": 0,
            "id": 15709
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3472",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15710
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "3472",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15711
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 15712
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15713
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15714
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0add0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 15715
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15716
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7"
              }
            ],
            "repeated": 0,
            "id": 15717
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15718
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\*"
              }
            ],
            "repeated": 0,
            "id": 15719
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15720
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15721
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15722
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15723
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15724
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000066c"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15725
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000066c"
              }
            ],
            "repeated": 0,
            "id": 15726
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15727
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15728
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/html"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/html"
              }
            ],
            "repeated": 0,
            "id": 15729
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15730
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/html"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/html"
              }
            ],
            "repeated": 0,
            "id": 15731
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae50000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15732
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_MIME_SNIFFING"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING"
              }
            ],
            "repeated": 0,
            "id": 15733
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15734
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\*"
              }
            ],
            "repeated": 0,
            "id": 15735
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 15736
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15737
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 15738
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "IsTextPlainHonored"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored"
              }
            ],
            "repeated": 0,
            "id": 15739
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 15740
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_FEEDS"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS"
              }
            ],
            "repeated": 0,
            "id": 15741
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15742
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\*"
              }
            ],
            "repeated": 0,
            "id": 15743
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 15744
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ENABLE_COMPAT_LOGGING"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_COMPAT_LOGGING"
              }
            ],
            "repeated": 0,
            "id": 15745
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15746
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 15747
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 15748
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "MIME\\Database\\Content Type\\text/html"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\MIME\\Database\\Content Type\\text/html"
              }
            ],
            "repeated": 0,
            "id": 15749
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15750
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 15751
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ProxyEnable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable"
              }
            ],
            "repeated": 0,
            "id": 15752
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15753
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15754
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x755e0000"
              },
              {
                "name": "FunctionName",
                "value": "SHStrDupW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x755fede0"
              }
            ],
            "repeated": 0,
            "id": 15755
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15756
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15757
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 15758
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "ProxyEnable"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable"
              }
            ],
            "repeated": 0,
            "id": 15759
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15760
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15761
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15762
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15763
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15764
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15765
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15766
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15767
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 15768
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_PROTOCOL_LOCKDOWN"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN"
              }
            ],
            "repeated": 0,
            "id": 15769
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15770
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*"
              }
            ],
            "repeated": 0,
            "id": 15771
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15772
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15773
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15774
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000674"
              },
              {
                "name": "ValueName",
                "value": "2703"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703"
              }
            ],
            "repeated": 0,
            "id": 15775
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15776
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15777
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000678"
              },
              {
                "name": "ValueName",
                "value": "2703"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703"
              }
            ],
            "repeated": 0,
            "id": 15778
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000674"
              }
            ],
            "repeated": 0,
            "id": 15779
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000678"
              }
            ],
            "repeated": 0,
            "id": 15780
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15781
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CLSIDFromString"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7580f690"
              }
            ],
            "repeated": 0,
            "id": 15782
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15783
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15784
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75805040"
              }
            ],
            "repeated": 0,
            "id": 15785
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15786
          },
          {
            "timestamp": "2026-06-28 21:56:19,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "25336920-03F9-11CF-8FD0-00AA00686F13"
              },
              {
                "name": "ClsContext",
                "value": "0x00000005",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": "htmlfile"
              }
            ],
            "repeated": 0,
            "id": 15787
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000300",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15788
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": true,
            "return": "0x00000400",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15789
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000029"
              },
              {
                "name": "uiParam",
                "value": "0x000001f8"
              }
            ],
            "repeated": 0,
            "id": 15790
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 15791
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000046"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15792
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 1,
            "id": 15793
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001042"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15794
          },
          {
            "timestamp": "2026-06-28 21:56:19,214",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000103e"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15795
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000698"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.manifest"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15796
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000069c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004",
                "pretty_value": "SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000698"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              }
            ],
            "repeated": 0,
            "id": 15797
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000069c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0adc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15798
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 15799
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a0"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 15800
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a0"
              }
            ],
            "repeated": 0,
            "id": 15801
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000698"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\WindowsShell.Manifest"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 15802
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2784"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 15803
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000698"
              }
            ],
            "repeated": 0,
            "id": 15804
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000069c"
              }
            ],
            "repeated": 0,
            "id": 15805
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0adc0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 15806
          },
          {
            "timestamp": "2026-06-28 21:56:19,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000069c"
              },
              {
                "name": "Options",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15807
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000006a4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x74e26d60"
              },
              {
                "name": "Parameter",
                "value": "0x0968b458"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "368"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "msvcrt.dll"
              }
            ],
            "repeated": 0,
            "id": 15808
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000006a4",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x74e26d60"
              },
              {
                "name": "ModuleName",
                "value": "msvcrt.dll"
              },
              {
                "name": "Parameter",
                "value": "0x0968b458"
              },
              {
                "name": "CreationFlags",
                "value": "0x00010000"
              },
              {
                "name": "ThreadId",
                "value": "368"
              }
            ],
            "repeated": 0,
            "id": 15809
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "368",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15810
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "368",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15811
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\x05\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9f\\x00\\x00\\x00\\x00h+\\x01\\x7f\\xf6\\x99\\x08\\xdc\\xe6\\x17\\x03\\x90\\x05\\xf3\\x00\\x94\\xc0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ\\xfe\\xff\\xff\\xff\\xe8\\x05\\xf3\\x00"
              }
            ],
            "repeated": 0,
            "id": 15812
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15813
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15814
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15815
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 15816
          },
          {
            "timestamp": "2026-06-28 21:56:19,245",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DragScrollDelay"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay"
              }
            ],
            "repeated": 0,
            "id": 15817
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15818
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\x05\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xa0\\x00\\x00\\x00\\x00h+\\x01\\x7f\\xf6\\x99\\x08x\\xf6\\x99\\x08\\x87Q@v\\x94\\xc0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ\\xfe\\xff\\xff\\xff\\xe8\\x05\\xf3\\x00"
              }
            ],
            "repeated": 0,
            "id": 15819
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15820
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15821
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 15822
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DragDelay"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay"
              }
            ],
            "repeated": 0,
            "id": 15823
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15824
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x10\\x05\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x9e\\x00\\x00\\x00\\x00h+\\x01\\x7f\\xf6\\x99\\x08x\\xf6\\x99\\x08\\x87Q@v\\x94\\xc0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ\\xfe\\xff\\xff\\xff\\xe8\\x05\\xf3\\x00"
              }
            ],
            "repeated": 0,
            "id": 15825
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15826
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15827
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 15828
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DragScrollInterval"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval"
              }
            ],
            "repeated": 0,
            "id": 15829
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15830
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15831
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap"
              }
            ],
            "repeated": 0,
            "id": 15832
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "IEharden"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IEharden"
              }
            ],
            "repeated": 0,
            "id": 15833
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15834
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15835
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
              }
            ],
            "repeated": 0,
            "id": 15836
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "NoFileMenu"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu"
              }
            ],
            "repeated": 0,
            "id": 15837
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15838
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS"
              }
            ],
            "repeated": 0,
            "id": 15839
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae58000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15840
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae52000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15841
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15842
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15843
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae56000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15844
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae68000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15845
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15846
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "srpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 15847
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 15848
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srpapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15849
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\srpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 15850
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000684"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a80000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00025000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15851
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a9d000"
              },
              {
                "name": "ModuleName",
                "value": "srpapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15852
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15853
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15854
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a9b000"
              },
              {
                "name": "ModuleName",
                "value": "srpapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15855
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 15856
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 15857
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a9b000"
              },
              {
                "name": "ModuleName",
                "value": "srpapi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15858
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15859
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 15860
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15861
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\srpapi.dll"
              }
            ],
            "repeated": 0,
            "id": 15862
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000688"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\srpapi.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 15863
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000688"
              }
            ],
            "repeated": 0,
            "id": 15864
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\srpapi"
              },
              {
                "name": "DllBase",
                "value": "0x70a80000"
              }
            ],
            "repeated": 0,
            "id": 15865
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\srpapi"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a80000"
              },
              {
                "name": "InitRoutine",
                "value": "0x70a96fc0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 15866
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15867
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15868
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15869
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x07\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00H\\x07\\xf3\\x00;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x9f\\x00\\x00\\x00\\x00h+\\x01\\x7f\\xf6\\x99\\x08\\xff\\xff\\xff\\xff\\x87f8\t\\x94\\xc0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ"
              }
            ],
            "repeated": 0,
            "id": 15870
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 15871
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15872
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 15873
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DragScrollInset"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset"
              }
            ],
            "repeated": 0,
            "id": 15874
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15875
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Floppy Access"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\Floppy Access"
              }
            ],
            "repeated": 0,
            "id": 15876
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000548"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Adv AddrBar Spoof Detection"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection"
              }
            ],
            "repeated": 0,
            "id": 15877
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Adv AddrBar Spoof Detection"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection"
              }
            ],
            "repeated": 0,
            "id": 15878
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae70000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15879
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae6a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15880
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15881
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15882
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae80000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15883
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae6e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15884
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15885
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15886
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_DISABLE_IGNORE_ZONE_FOR_SECURITYID"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_IGNORE_ZONE_FOR_SECURITYID"
              }
            ],
            "repeated": 0,
            "id": 15887
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15888
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15889
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15890
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15891
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15892
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15893
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15894
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 15895
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15896
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15897
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15898
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15899
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15900
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15901
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15902
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15903
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15904
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15905
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 15906
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 15907
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15908
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 15909
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae88000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15910
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15911
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15912
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "2106"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106"
              }
            ],
            "repeated": 0,
            "id": 15913
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15914
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 15915
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "2106"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106"
              }
            ],
            "repeated": 0,
            "id": 15916
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 15917
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15918
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15919
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Zoom"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom"
              }
            ],
            "repeated": 0,
            "id": 15920
          },
          {
            "timestamp": "2026-06-28 21:56:19,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 15921
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Zoom"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom"
              }
            ],
            "repeated": 0,
            "id": 15922
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Zoom"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Zoom"
              }
            ],
            "repeated": 0,
            "id": 15923
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "ZoomDisabled"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Zoom\\ZoomDisabled"
              }
            ],
            "repeated": 0,
            "id": 15924
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Zoom"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Zoom"
              }
            ],
            "repeated": 0,
            "id": 15925
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae8a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15926
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae8c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15927
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "28"
              }
            ],
            "repeated": 0,
            "id": 15928
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae8e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15929
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae90000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15930
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ALIGNED_TIMERS"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALIGNED_TIMERS"
              }
            ],
            "repeated": 0,
            "id": 15931
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_VSYNC_WATCHDOG"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_VSYNC_WATCHDOG"
              }
            ],
            "repeated": 0,
            "id": 15932
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ALLOW_HIGHFREQ_TIMERS"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_HIGHFREQ_TIMERS"
              }
            ],
            "repeated": 0,
            "id": 15933
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "MinimumSystemTimerResolution"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution"
              }
            ],
            "repeated": 0,
            "id": 15934
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "MinimumSystemTimerResolution"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution"
              }
            ],
            "repeated": 0,
            "id": 15935
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "RenderingLoopMaxTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\RenderingLoopMaxTime"
              }
            ],
            "repeated": 0,
            "id": 15936
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae92000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15937
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15938
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "ProgIDFromCLSID"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x758890e0"
              }
            ],
            "repeated": 0,
            "id": 15939
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15940
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 15941
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000500"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 15942
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_SAFE_BINDTOOBJECT"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT"
              }
            ],
            "repeated": 0,
            "id": 15943
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 15944
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\*"
              }
            ],
            "repeated": 0,
            "id": 15945
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 15946
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15947
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 15948
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_WEBOC_DOCUMENT_ZOOM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM"
              }
            ],
            "repeated": 0,
            "id": 15949
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 15950
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15951
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15952
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15953
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15954
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 15955
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 15956
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 15957
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 15958
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 15959
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000624"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 15960
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15961
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15962
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15963
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 15964
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "RtfConverterFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\RtfConverterFlags"
              }
            ],
            "repeated": 0,
            "id": 15965
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Use_DlgBox_Colors"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors"
              }
            ],
            "repeated": 0,
            "id": 15966
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Anchor Underline"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Anchor Underline"
              }
            ],
            "repeated": 0,
            "id": 15967
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "CSS_Compat"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\CSS_Compat"
              }
            ],
            "repeated": 0,
            "id": 15968
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Expand Alt Text"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Expand Alt Text"
              }
            ],
            "repeated": 0,
            "id": 15969
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Display Inline Images"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Images"
              }
            ],
            "repeated": 0,
            "id": 15970
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Display Inline Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos"
              }
            ],
            "repeated": 0,
            "id": 15971
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "Display Inline Videos"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos"
              }
            ],
            "repeated": 0,
            "id": 15972
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Play_Background_Sounds"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds"
              }
            ],
            "repeated": 0,
            "id": 15973
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Play_Animations"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Animations"
              }
            ],
            "repeated": 0,
            "id": 15974
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PageSetup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup"
              }
            ],
            "repeated": 0,
            "id": 15975
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000642"
              }
            ],
            "repeated": 0,
            "id": 15976
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Print_Background"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background"
              }
            ],
            "repeated": 0,
            "id": 15977
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PageSetup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\PageSetup"
              }
            ],
            "repeated": 0,
            "id": 15978
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "SmoothScroll"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\SmoothScroll"
              }
            ],
            "repeated": 0,
            "id": 15979
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "SmoothScroll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\SmoothScroll"
              }
            ],
            "repeated": 0,
            "id": 15980
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "XMLHTTP"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XMLHTTP"
              }
            ],
            "repeated": 0,
            "id": 15981
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Show image placeholders"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Show image placeholders"
              }
            ],
            "repeated": 0,
            "id": 15982
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "Show image placeholders"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Show image placeholders"
              }
            ],
            "repeated": 0,
            "id": 15983
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Disable Script Debugger"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger"
              }
            ],
            "repeated": 0,
            "id": 15984
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DisableScriptDebuggerIE"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "yes"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DisableScriptDebuggerIE"
              }
            ],
            "repeated": 0,
            "id": 15985
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Disable Diagnostics Mode"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode"
              }
            ],
            "repeated": 0,
            "id": 15986
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "Disable Diagnostics Mode"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode"
              }
            ],
            "repeated": 0,
            "id": 15987
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Move System Caret"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Move System Caret"
              }
            ],
            "repeated": 0,
            "id": 15988
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Enable AutoImageResize"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize"
              }
            ],
            "repeated": 0,
            "id": 15989
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "Enable AutoImageResize"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize"
              }
            ],
            "repeated": 0,
            "id": 15990
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "UseHR"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseHR"
              }
            ],
            "repeated": 0,
            "id": 15991
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Q300829"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Q300829"
              }
            ],
            "repeated": 0,
            "id": 15992
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Cleanup HTCs"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Cleanup HTCs"
              }
            ],
            "repeated": 0,
            "id": 15993
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "XDomainRequest"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XDomainRequest"
              }
            ],
            "repeated": 0,
            "id": 15994
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "XDomainRequest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\XDomainRequest"
              }
            ],
            "repeated": 0,
            "id": 15995
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "DOMStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DOMStorage"
              }
            ],
            "repeated": 0,
            "id": 15996
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "DOMStorage"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\DOMStorage"
              }
            ],
            "repeated": 0,
            "id": 15997
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "JScriptProfileCacheEventDelay"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\JScriptProfileCacheEventDelay"
              }
            ],
            "repeated": 0,
            "id": 15998
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "International"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International"
              }
            ],
            "repeated": 0,
            "id": 15999
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 16000
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Default_CodePage"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Default_CodePage"
              }
            ],
            "repeated": 0,
            "id": 16001
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "AutoDetect"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AutoDetect"
              }
            ],
            "repeated": 0,
            "id": 16002
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16003
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts"
              }
            ],
            "repeated": 0,
            "id": 16004
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16005
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts"
              }
            ],
            "repeated": 0,
            "id": 16006
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000640"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Scripts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts"
              }
            ],
            "repeated": 0,
            "id": 16007
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 16008
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Default_IEFontSizePrivate"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSizePrivate"
              }
            ],
            "repeated": 0,
            "id": 16009
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "International\\Scripts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\International\\Scripts"
              }
            ],
            "repeated": 0,
            "id": 16010
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "Default_IEFontSizePrivate"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSizePrivate"
              }
            ],
            "repeated": 0,
            "id": 16011
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "International\\Scripts"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\International\\Scripts"
              }
            ],
            "repeated": 0,
            "id": 16012
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16013
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings"
              }
            ],
            "repeated": 0,
            "id": 16014
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f3000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16015
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16016
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings"
              }
            ],
            "repeated": 0,
            "id": 16017
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings"
              }
            ],
            "repeated": 0,
            "id": 16018
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 16019
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Anchor Color"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "0,0,255"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color"
              }
            ],
            "repeated": 0,
            "id": 16020
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Anchor Color Visited"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "128,0,128"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Visited"
              }
            ],
            "repeated": 0,
            "id": 16021
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Anchor Color Hover"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Hover"
              }
            ],
            "repeated": 0,
            "id": 16022
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Settings"
              }
            ],
            "repeated": 0,
            "id": 16023
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Always Use My Colors"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Colors"
              }
            ],
            "repeated": 0,
            "id": 16024
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Always Use My Font Size"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Size"
              }
            ],
            "repeated": 0,
            "id": 16025
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Always Use My Font Face"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Face"
              }
            ],
            "repeated": 0,
            "id": 16026
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Disable Visited Hyperlinks"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Disable Visited Hyperlinks"
              }
            ],
            "repeated": 0,
            "id": 16027
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "Use Anchor Hover Color"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "No"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Use Anchor Hover Color"
              }
            ],
            "repeated": 0,
            "id": 16028
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000054c"
              },
              {
                "name": "ValueName",
                "value": "MiscFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\MiscFlags"
              }
            ],
            "repeated": 0,
            "id": 16029
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Styles"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Styles"
              }
            ],
            "repeated": 0,
            "id": 16030
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Text Scaling"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Text Scaling"
              }
            ],
            "repeated": 7,
            "id": 16031
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Viewport"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Viewport"
              }
            ],
            "repeated": 1,
            "id": 16032
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Larger Hit Test"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Larger Hit Test"
              }
            ],
            "repeated": 0,
            "id": 16033
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Script"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Script"
              }
            ],
            "repeated": 0,
            "id": 16034
          },
          {
            "timestamp": "2026-06-28 21:56:19,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "AdvancedOptions\\DISAMBIGUATION"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\AdvancedOptions\\DISAMBIGUATION"
              }
            ],
            "repeated": 2,
            "id": 16035
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16036
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop"
              }
            ],
            "repeated": 0,
            "id": 16037
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16038
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Policies"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies"
              }
            ],
            "repeated": 0,
            "id": 16039
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 16040
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "Allow Programmatic Cut_Copy_Paste"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste"
              }
            ],
            "repeated": 0,
            "id": 16041
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16042
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 16043
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 16044
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "DisableCachingOfSSLPages"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages"
              }
            ],
            "repeated": 0,
            "id": 16045
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16046
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 16047
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 16048
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "DisableCachingOfSSLPages"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages"
              }
            ],
            "repeated": 0,
            "id": 16049
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16050
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 16051
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 16052
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f0"
              },
              {
                "name": "ValueName",
                "value": "DisableCachingOfSSLPages"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages"
              }
            ],
            "repeated": 0,
            "id": 16053
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16054
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme"
              }
            ],
            "repeated": 0,
            "id": 16055
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 16056
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "FontScale"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme\\FontScale"
              }
            ],
            "repeated": 0,
            "id": 16057
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PageSetup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup"
              }
            ],
            "repeated": 0,
            "id": 16058
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 16059
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ValueName",
                "value": "Print_Background"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background"
              }
            ],
            "repeated": 0,
            "id": 16060
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PageSetup"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\PageSetup"
              }
            ],
            "repeated": 0,
            "id": 16061
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "MenuExt"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt"
              }
            ],
            "repeated": 0,
            "id": 16062
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 16063
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "KeyInformation",
                "value": "xW(\\xffa0H\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 16064
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 16065
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16066
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "E&xport to Microsoft Excel"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel"
              }
            ],
            "repeated": 0,
            "id": 16067
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 16068
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "res://C:\\PROGRA~1\\Microsoft Office\\Office16\\EXCEL.EXE/3000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 16069
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Flags"
              }
            ],
            "repeated": 1,
            "id": 16070
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "Contexts"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Contexts"
              }
            ],
            "repeated": 1,
            "id": 16071
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000540"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Se&nd to OneNote"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote"
              }
            ],
            "repeated": 0,
            "id": 16072
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 16073
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "res://C:\\PROGRA~1\\Microsoft Office\\Office16\\ONBttnIE.dll/105"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 16074
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Flags"
              }
            ],
            "repeated": 1,
            "id": 16075
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000640"
              },
              {
                "name": "ValueName",
                "value": "Contexts"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "55"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Contexts"
              }
            ],
            "repeated": 1,
            "id": 16076
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16077
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage"
              }
            ],
            "repeated": 0,
            "id": 16078
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 0,
            "id": 16079
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "950"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "c_950.nls"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950"
              }
            ],
            "repeated": 0,
            "id": 16080
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_96DPI_PIXEL"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_96DPI_PIXEL"
              }
            ],
            "repeated": 0,
            "id": 16081
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_OPTICAL_ZOOM"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OPTICAL_ZOOM"
              }
            ],
            "repeated": 0,
            "id": 16082
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 16083
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 16084
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 16085
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 16086
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 16087
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 16088
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 16089
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 16090
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 16091
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 16092
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 16093
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000680"
              }
            ],
            "repeated": 0,
            "id": 16094
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000054c"
              }
            ],
            "repeated": 1,
            "id": 16095
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "International\\Scripts\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3"
              }
            ],
            "repeated": 0,
            "id": 16096
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 16097
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEFontSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize"
              }
            ],
            "repeated": 0,
            "id": 16098
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEFontSizePrivate"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSizePrivate"
              }
            ],
            "repeated": 0,
            "id": 16099
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEPropFontName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Times New Roman"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName"
              }
            ],
            "repeated": 0,
            "id": 16100
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEFixedFontName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Courier New"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName"
              }
            ],
            "repeated": 0,
            "id": 16101
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IESerifFontName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESerifFontName"
              }
            ],
            "repeated": 0,
            "id": 16102
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IESansSerifFontName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESansSerifFontName"
              }
            ],
            "repeated": 0,
            "id": 16103
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEUIFontName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEUIFontName"
              }
            ],
            "repeated": 0,
            "id": 16104
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\xfb\\xf2\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00+\\x01\\x00\\x00\\x00\\x00\\xfc\\xfb\\xf2\\x00\\x98\\xfc\\xf2\\x00\\x08\\x00\\x00\\x00\\xec\\xa1\\xe3\n\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x94\\xdf\\x9e\\x08\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16105
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 16106
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000670"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\International"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International"
              }
            ],
            "repeated": 0,
            "id": 16107
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "AcceptLanguage"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AcceptLanguage"
              }
            ],
            "repeated": 0,
            "id": 16108
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 16109
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 16110
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_RESTRICT_FILEDOWNLOAD"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD"
              }
            ],
            "repeated": 0,
            "id": 16111
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 16112
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\*"
              }
            ],
            "repeated": 0,
            "id": 16113
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 16114
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16115
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "MSHTML.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70b10000"
              }
            ],
            "repeated": 0,
            "id": 16116
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70b10000"
              },
              {
                "name": "FunctionName",
                "value": "TravelLogCreateInstance"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70f7f880"
              }
            ],
            "repeated": 0,
            "id": 16117
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16118
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16119
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              }
            ],
            "repeated": 0,
            "id": 16120
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16121
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              }
            ],
            "repeated": 0,
            "id": 16122
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16123
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              }
            ],
            "repeated": 0,
            "id": 16124
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16125
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              }
            ],
            "repeated": 0,
            "id": 16126
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16127
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              }
            ],
            "repeated": 0,
            "id": 16128
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16129
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog"
              }
            ],
            "repeated": 0,
            "id": 16130
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Version Vector"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector"
              }
            ],
            "repeated": 0,
            "id": 16131
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 16132
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "KeyInformation",
                "value": "<>7\\xffd3\\xffde\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 16133
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16134
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16135
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "IE"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "9.0000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\IE"
              }
            ],
            "repeated": 0,
            "id": 16136
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000670"
              },
              {
                "name": "ValueName",
                "value": "VML"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "1.0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\VML"
              }
            ],
            "repeated": 0,
            "id": 16137
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16138
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 16139
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16140
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about"
              }
            ],
            "repeated": 0,
            "id": 16141
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID"
              }
            ],
            "repeated": 1,
            "id": 16142
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 16143
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "com",
            "api": "CoGetClassObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3050F406-98B5-11CF-BB82-00AA00BDCE0B"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "00000001-0000-0000-C000-000000000046"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16144
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ZONE_ELEVATION"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION"
              }
            ],
            "repeated": 0,
            "id": 16145
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 16146
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\*"
              }
            ],
            "repeated": 0,
            "id": 16147
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 16148
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_DISABLE_NAVIGATION_SOUNDS"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_NAVIGATION_SOUNDS"
              }
            ],
            "repeated": 0,
            "id": 16149
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16150
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools\\Options"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools\\Options"
              }
            ],
            "repeated": 0,
            "id": 16151
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16152
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools\\Options"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools\\Options"
              }
            ],
            "repeated": 0,
            "id": 16153
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "IEDevTools\\Options"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\IEDevTools\\Options"
              }
            ],
            "repeated": 0,
            "id": 16154
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "IEDevTools\\Options"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\IEDevTools\\Options"
              }
            ],
            "repeated": 0,
            "id": 16155
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16156
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16157
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ValueName",
                "value": "2700"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700"
              }
            ],
            "repeated": 0,
            "id": 16158
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16159
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000684"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16160
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000684"
              },
              {
                "name": "ValueName",
                "value": "2700"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700"
              }
            ],
            "repeated": 0,
            "id": 16161
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005e8"
              }
            ],
            "repeated": 0,
            "id": 16162
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000684"
              }
            ],
            "repeated": 0,
            "id": 16163
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76320000"
              }
            ],
            "repeated": 0,
            "id": 16164
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76320000"
              },
              {
                "name": "FunctionName",
                "value": "SHCreateAssociationRegistration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7648d6f0"
              }
            ],
            "repeated": 0,
            "id": 16165
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000410",
                "pretty_value": "PROCESS_VM_READ|PROCESS_QUERY_INFORMATION"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 16166
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 16167
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 16168
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16169
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\Shell\\Associations\\MIMEAssociations\\text/xml\\UserChoice"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\MIMEAssociations\\text/xml\\UserChoice"
              }
            ],
            "repeated": 0,
            "id": 16170
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16171
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16172
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16173
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "MIME\\Database\\Content Type\\text/xml"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\MIME\\Database\\Content Type\\text/xml"
              }
            ],
            "repeated": 0,
            "id": 16174
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\MIME\\Database\\Content Type\\text/xml"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\MIME\\Database\\Content Type\\text/xml"
              }
            ],
            "repeated": 0,
            "id": 16175
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 16176
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text/xml"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16177
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x04\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16178
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb0\\x03\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x07\\x00\\x00\\x00\\x07\\x00<\\x04\\xec\\x03\\xe0\\x03\\xea\\x05\\x00\\x00\\x00\\x00\\x00\\x004\\x00\\x00\\xc0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x88\\x06\\xf3\\x00\\xbc^\\xb8u\\xea\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16179
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x02000000",
                "pretty_value": "MAXIMUM_ALLOWED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes\\MIME\\Database\\Content Type\\text/xml"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\MIME\\Database\\Content Type\\text/xml"
              }
            ],
            "repeated": 0,
            "id": 16180
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ea"
              },
              {
                "name": "ValueName",
                "value": "CLSID"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{48123BC4-99D9-11D1-A6B3-00C04FD91555}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text/xml\\CLSID"
              }
            ],
            "repeated": 0,
            "id": 16181
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae94000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16182
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 16183
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "urlmon.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x71d90000"
              }
            ],
            "repeated": 0,
            "id": 16184
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x71d90000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "urlmon.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16185
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "471"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71db7ca0"
              }
            ],
            "repeated": 0,
            "id": 16186
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae96000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16187
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae98000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16188
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "WLDP.DLL"
              },
              {
                "name": "BaseAddress",
                "value": "0x746b0000"
              }
            ],
            "repeated": 0,
            "id": 16189
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x746b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "WLDP.DLL"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 16190
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x746b0000"
              },
              {
                "name": "FunctionName",
                "value": "WldpGetLockdownPolicy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x746b70c0"
              }
            ],
            "repeated": 0,
            "id": 16191
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": false,
            "return": "0xffffffffc0000003",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "143"
              }
            ],
            "repeated": 0,
            "id": 16192
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "103"
              }
            ],
            "repeated": 0,
            "id": 16193
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 16194
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae9a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16195
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 16196
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 16197
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16198
          },
          {
            "timestamp": "2026-06-28 21:56:19,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16199
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001f8"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x06\\x00\\x00\\x00\\xcf6\\xbau\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\xff\\xff\\xff\\xffP\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffR\\x00N\\x00G\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16200
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "device",
            "api": "NtDeviceIoControlFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000001f8"
              },
              {
                "name": "HandleName",
                "value": "\\Device\\KsecDD"
              },
              {
                "name": "IoControlCode",
                "value": "0x00390400"
              },
              {
                "name": "InputBuffer",
                "value": "M<+\\x1a\\x00\\x00\\x02\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xa5\\x01\nv0\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x01\\x00\\x00\\x00\\x02\\x00\\x00\\x00R\\x00N\\x00G\\x00\\x00\\x00"
              },
              {
                "name": "OutputBuffer",
                "value": "\\x01\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x00\\x00\\x00\\x00\\x00\\x00\\x00P\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00G\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x98\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xffR\\x00N\\x00G\\x00\\x00\\x00M\\x00i\\x00c\\x00r\\x00o\\x00s\\x00o\\x00f\\x00t\\x00 \\x00P\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00 \\x00P\\x00r\\x00o\\x00v\\x00i\\x00d\\x00e\\x00r\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00b\\x00c\\x00r\\x00y\\x00p\\x00t\\x00p\\x00r\\x00i\\x00m\\x00i\\x00t\\x00i\\x00v\\x00e\\x00s\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16201
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "bcryptPrimitives.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x769d0000"
              },
              {
                "name": "FunctionName",
                "value": "GetRngInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x769fadf0"
              }
            ],
            "repeated": 0,
            "id": 16202
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_XSSFILTER"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER"
              }
            ],
            "repeated": 0,
            "id": 16203
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 16204
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\*"
              }
            ],
            "repeated": 0,
            "id": 16205
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16206
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "UrlBlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\UrlBlock"
              }
            ],
            "repeated": 0,
            "id": 16207
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16208
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter"
              }
            ],
            "repeated": 0,
            "id": 16209
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16210
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter"
              }
            ],
            "repeated": 0,
            "id": 16211
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PhishingFilter"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PhishingFilter"
              }
            ],
            "repeated": 0,
            "id": 16212
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000624"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PhishingFilter"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\PhishingFilter"
              }
            ],
            "repeated": 0,
            "id": 16213
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16214
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16215
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16216
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16217
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "p\\xe63\\x01\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16218
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16219
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16220
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16221
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\Users\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\Users\\S-1-5-21-3262678163-160926255-2192883574-1002"
              }
            ],
            "repeated": 0,
            "id": 16222
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16223
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16224
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16225
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 16226
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16227
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16228
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000067c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 16229
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000067c"
              }
            ],
            "repeated": 0,
            "id": 16230
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 16231
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "windows",
            "api": "FindWindowW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ClassName",
                "value": "MS_AutodialMonitor"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16232
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x0003004e",
            "arguments": [
              {
                "name": "ClassName",
                "value": "MS_WebCheckMonitor"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 16233
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0003004e"
              },
              {
                "name": "Message",
                "value": "0x0000c062"
              }
            ],
            "repeated": 0,
            "id": 16234
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16235
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16236
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 16237
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 16238
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16239
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005ec"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 16240
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ec"
              }
            ],
            "repeated": 0,
            "id": 16241
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 16242
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_PROCESS_XML_AS_HTML"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROCESS_XML_AS_HTML"
              }
            ],
            "repeated": 0,
            "id": 16243
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae9c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16244
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000006b0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x70f41410"
              },
              {
                "name": "Parameter",
                "value": "0x0ae4a480"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1396"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 16245
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000006b0",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x70f41410"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "Parameter",
                "value": "0x0ae4a480"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "1396"
              }
            ],
            "repeated": 0,
            "id": 16246
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16247
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "RevokeBindStatusCallback"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71e042d0"
              }
            ],
            "repeated": 0,
            "id": 16248
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16249
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16250
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Zones"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Zones"
              }
            ],
            "repeated": 0,
            "id": 16251
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "SecuritySafe"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe"
              }
            ],
            "repeated": 0,
            "id": 16252
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16253
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16254
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 16255
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "NoProtectedModeBanner"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\NoProtectedModeBanner"
              }
            ],
            "repeated": 0,
            "id": 16256
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16257
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Low Rights"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Low Rights"
              }
            ],
            "repeated": 0,
            "id": 16258
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Low Rights"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights"
              }
            ],
            "repeated": 0,
            "id": 16259
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Low Rights"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Low Rights"
              }
            ],
            "repeated": 0,
            "id": 16260
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "ProtectedModeOffForAllZones"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ProtectedModeOffForAllZones"
              }
            ],
            "repeated": 0,
            "id": 16261
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16262
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16263
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": "CoInternetCreateZoneManager"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71dbfe90"
              }
            ],
            "repeated": 0,
            "id": 16264
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16265
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16266
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16267
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 16268
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16269
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 16270
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 16271
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16272
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\t\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 16273
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "1396",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089f7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16274
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16275
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 16276
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16277
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0"
              }
            ],
            "repeated": 0,
            "id": 16278
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY"
              }
            ],
            "repeated": 0,
            "id": 16279
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 16280
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\urlmon.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 16281
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006c0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\en-US\\urlmon.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 16282
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006c4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0adc0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f2e878"
              },
              {
                "name": "ViewSize",
                "value": "0x0000e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16283
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006c4"
              }
            ],
            "repeated": 0,
            "id": 16284
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell32.dll#0016"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16285
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "MinLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\MinLevel"
              }
            ],
            "repeated": 0,
            "id": 16286
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "RecommendedLevel"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\RecommendedLevel"
              }
            ],
            "repeated": 0,
            "id": 16287
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "CurrentLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\CurrentLevel"
              }
            ],
            "repeated": 0,
            "id": 16288
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "33"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags"
              }
            ],
            "repeated": 0,
            "id": 16289
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16290
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16291
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16292
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 16293
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16294
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 16295
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "shell32.dll#0018"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16296
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "MinLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "65536"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel"
              }
            ],
            "repeated": 0,
            "id": 16297
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006bc"
              },
              {
                "name": "ValueName",
                "value": "RecommendedLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "66816"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel"
              }
            ],
            "repeated": 0,
            "id": 16298
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "CurrentLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "66816"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel"
              }
            ],
            "repeated": 0,
            "id": 16299
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006b8"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "219"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags"
              }
            ],
            "repeated": 0,
            "id": 16300
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006bc"
              }
            ],
            "repeated": 0,
            "id": 16301
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "1396",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 16302
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "1396",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16303
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "1396",
            "caller": "0x75b9fd84",
            "parentcaller": "0x753ca7ea",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x000006bc"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 16304
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006b8"
              }
            ],
            "repeated": 0,
            "id": 16305
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16306
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 16307
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500"
              }
            ],
            "repeated": 0,
            "id": 16308
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16309
          },
          {
            "timestamp": "2026-06-28 21:56:19,307",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16310
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "1396",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16311
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "1396",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x759a8000"
              },
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16312
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1"
              }
            ],
            "repeated": 0,
            "id": 16313
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500"
              }
            ],
            "repeated": 0,
            "id": 16314
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16315
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16316
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 16317
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16318
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 16319
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "inetcpl.cpl#00004480"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16320
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "MinLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "65536"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel"
              }
            ],
            "repeated": 0,
            "id": 16321
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "RecommendedLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "69632"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel"
              }
            ],
            "repeated": 0,
            "id": 16322
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "CurrentLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "69632"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel"
              }
            ],
            "repeated": 0,
            "id": 16323
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "71"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags"
              }
            ],
            "repeated": 0,
            "id": 16324
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16325
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16326
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16327
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 16328
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500"
              }
            ],
            "repeated": 0,
            "id": 16329
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16330
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 16331
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500"
              }
            ],
            "repeated": 0,
            "id": 16332
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16333
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16334
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16335
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2"
              }
            ],
            "repeated": 0,
            "id": 16336
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500"
              }
            ],
            "repeated": 0,
            "id": 16337
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16338
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16339
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16340
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16341
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16342
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "inetcpl.cpl#001313"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16343
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "MinLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "69632"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel"
              }
            ],
            "repeated": 0,
            "id": 16344
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "RecommendedLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "70912"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel"
              }
            ],
            "repeated": 0,
            "id": 16345
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "CurrentLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "70912"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel"
              }
            ],
            "repeated": 0,
            "id": 16346
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags"
              }
            ],
            "repeated": 0,
            "id": 16347
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16348
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16349
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16350
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16351
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500"
              }
            ],
            "repeated": 0,
            "id": 16352
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16353
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16354
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500"
              }
            ],
            "repeated": 0,
            "id": 16355
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16356
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16357
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16358
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 16359
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500"
              }
            ],
            "repeated": 0,
            "id": 16360
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16361
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089fa000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16362
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16363
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 16364
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16365
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f003f",
                "pretty_value": "KEY_ALL_ACCESS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 16366
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "inetcpl.cpl#00004481"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon"
              }
            ],
            "repeated": 0,
            "id": 16367
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "MinLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "73728"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel"
              }
            ],
            "repeated": 0,
            "id": 16368
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "RecommendedLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "73728"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel"
              }
            ],
            "repeated": 0,
            "id": 16369
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "CurrentLevel"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "73728"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel"
              }
            ],
            "repeated": 0,
            "id": 16370
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Flags"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "3"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags"
              }
            ],
            "repeated": 0,
            "id": 16371
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16372
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16373
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16374
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 16375
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500"
              }
            ],
            "repeated": 0,
            "id": 16376
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16377
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 16378
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500"
              }
            ],
            "repeated": 0,
            "id": 16379
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16380
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16381
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16382
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4"
              }
            ],
            "repeated": 0,
            "id": 16383
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ValueName",
                "value": "2500"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500"
              }
            ],
            "repeated": 0,
            "id": 16384
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16385
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16386
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "urlmon.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71d90000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "101"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71e00fb0"
              }
            ],
            "repeated": 0,
            "id": 16387
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x09386687",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16388
          },
          {
            "timestamp": "2026-06-28 21:56:19,323",
            "thread_id": "2784",
            "caller": "0x08b834dd",
            "parentcaller": "0x08b831ba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowThreadProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5cef0"
              }
            ],
            "repeated": 0,
            "id": 16389
          },
          {
            "timestamp": "2026-06-28 21:56:19,339",
            "thread_id": "2784",
            "caller": "0x08b83b39",
            "parentcaller": "0x08b832c8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16390
          },
          {
            "timestamp": "2026-06-28 21:56:19,354",
            "thread_id": "2784",
            "caller": "0x09306757",
            "parentcaller": "0x0938e1b8",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00001024"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16391
          },
          {
            "timestamp": "2026-06-28 21:56:19,354",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 16392
          },
          {
            "timestamp": "2026-06-28 21:56:19,401",
            "thread_id": "2784",
            "caller": "0x0b26011f",
            "parentcaller": "0x0938f7d0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093c4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16393
          },
          {
            "timestamp": "2026-06-28 21:56:19,401",
            "thread_id": "2784",
            "caller": "0x0b261bbb",
            "parentcaller": "0x0b261b60",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetFamilyName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7353e5b0"
              }
            ],
            "repeated": 0,
            "id": 16394
          },
          {
            "timestamp": "2026-06-28 21:56:19,401",
            "thread_id": "2784",
            "caller": "0x0b262611",
            "parentcaller": "0x0b2625d1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016db0"
              }
            ],
            "repeated": 0,
            "id": 16395
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b26272d",
            "parentcaller": "0x0b2626de",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016e70"
              }
            ],
            "repeated": 0,
            "id": 16396
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b2628ef",
            "parentcaller": "0x0b2626e6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093c5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16397
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b262a77",
            "parentcaller": "0x0b262a44",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SaveDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75017070"
              }
            ],
            "repeated": 0,
            "id": 16398
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b262b7b",
            "parentcaller": "0x0b262b4a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015fe0"
              }
            ],
            "repeated": 0,
            "id": 16399
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b262c01",
            "parentcaller": "0x0b262b9f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFontIndirect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16400
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b262c01",
            "parentcaller": "0x0b262b9f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateFontIndirectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015ef0"
              }
            ],
            "repeated": 0,
            "id": 16401
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b262c60",
            "parentcaller": "0x0b262bdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16402
          },
          {
            "timestamp": "2026-06-28 21:56:19,417",
            "thread_id": "2784",
            "caller": "0x0b262c60",
            "parentcaller": "0x0b262bdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetObjectW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016d70"
              }
            ],
            "repeated": 0,
            "id": 16403
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b2636e0",
            "parentcaller": "0x0b26338c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SelectObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016cc0"
              }
            ],
            "repeated": 0,
            "id": 16404
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b26390c",
            "parentcaller": "0x0b263857",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetMapMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750183a0"
              }
            ],
            "repeated": 0,
            "id": 16405
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b263930",
            "parentcaller": "0x0b263897",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetTextMetricsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016f60"
              }
            ],
            "repeated": 0,
            "id": 16406
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b263a4d",
            "parentcaller": "0x0b263015",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DrawTextExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4eb70"
              }
            ],
            "repeated": 0,
            "id": 16407
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b263a4d",
            "parentcaller": "0x0b263015",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DrawTextExWW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16408
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16409
          },
          {
            "timestamp": "2026-06-28 21:56:19,432",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16410
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16411
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16412
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 16413
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16414
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000109",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink"
              }
            ],
            "repeated": 0,
            "id": 16415
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "KeyInformation",
                "value": "x\\x7f,\\xffc9}\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00C\\x00\\x00\\x006\\x00\\x00\\x00\\xff84\\x03\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 16416
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089fe000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16417
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16418
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16419
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16420
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16421
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16422
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16423
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16424
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16425
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16426
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16427
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16428
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16429
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16430
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16431
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16432
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16433
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16434
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16435
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16436
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16437
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16438
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16439
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16440
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16441
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16442
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16443
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16444
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16445
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16446
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16447
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16448
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16449
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16450
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16451
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16452
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16453
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16454
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16455
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16456
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16457
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16458
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16459
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16460
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16461
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16462
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16463
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16464
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16465
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16466
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16467
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16468
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16469
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16470
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16471
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16472
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16473
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16474
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16475
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16476
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16477
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16478
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16479
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16480
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16481
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16482
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16483
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16484
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16485
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16486
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16487
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16488
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16489
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16490
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16491
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16492
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16493
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16494
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16495
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16496
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16497
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16498
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16499
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16500
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16501
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16502
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16503
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16504
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16505
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16506
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16507
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16508
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16509
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16510
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16511
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16512
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16513
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16514
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16515
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16516
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16517
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16518
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16519
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16520
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16521
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16522
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16523
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16524
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16525
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16526
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16527
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16528
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16529
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16530
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16531
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16532
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16533
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16534
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16535
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16536
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16537
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16538
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16539
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16540
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16541
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16542
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16543
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16544
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16545
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16546
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16547
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16548
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16549
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16550
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16551
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateValueKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d4"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "KeyValueInformationClass",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16552
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d4"
              }
            ],
            "repeated": 0,
            "id": 16553
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00007000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16554
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "GetUserDefaultLCID",
            "status": true,
            "return": "0x00000409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 16555
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16556
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0"
              }
            ],
            "repeated": 0,
            "id": 16557
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "Disable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable"
              }
            ],
            "repeated": 0,
            "id": 16558
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d0"
              },
              {
                "name": "ValueName",
                "value": "DataFilePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath"
              }
            ],
            "repeated": 0,
            "id": 16559
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d0"
              }
            ],
            "repeated": 0,
            "id": 16560
          },
          {
            "timestamp": "2026-06-28 21:56:19,448",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\staticcache.dat"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16561
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x00\\x00&\\x01\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 16562
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006d0"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              },
              {
                "name": "Buffer",
                "value": "\\x1a\\x83W\\xa5\\x02\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00$\\x01\\x00\\x00$)\\x00\\x00\\x00\\x00\\x02\\x00\\xbe\\x02\\x00\\x00<\\x00\\x00\\x00$!\\x00\\x00L)\\x00\\x00\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "60"
              }
            ],
            "repeated": 0,
            "id": 16563
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006d0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\StaticCache.dat"
              }
            ],
            "repeated": 0,
            "id": 16564
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b270000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3cbf0"
              },
              {
                "name": "ViewSize",
                "value": "0x01260000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16565
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16566
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a1d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16567
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 16568
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 16569
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 16570
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 16571
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 16572
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 16573
          },
          {
            "timestamp": "2026-06-28 21:56:19,464",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006cc"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 16574
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x709e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00094000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16575
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16576
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16577
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a71000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16578
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 16579
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16580
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70a71000"
              },
              {
                "name": "ModuleName",
                "value": "TextShaping.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16581
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16582
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16583
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16584
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\TextShaping.dll"
              }
            ],
            "repeated": 0,
            "id": 16585
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\TextShaping.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 16586
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16587
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\TextShaping"
              },
              {
                "name": "DllBase",
                "value": "0x709e0000"
              }
            ],
            "repeated": 0,
            "id": 16588
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\TextShaping"
              },
              {
                "name": "BaseAddress",
                "value": "0x709e0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x70a6f2b0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16589
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74f43000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16590
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x74f43000"
              },
              {
                "name": "ModuleName",
                "value": "gdi32full.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16591
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a01000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16592
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16593
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 16594
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1"
              }
            ],
            "repeated": 0,
            "id": 16595
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane2"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "SimSun-ExtB"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2"
              }
            ],
            "repeated": 1,
            "id": 16596
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane3"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3"
              }
            ],
            "repeated": 0,
            "id": 16597
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4"
              }
            ],
            "repeated": 0,
            "id": 16598
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane5"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5"
              }
            ],
            "repeated": 0,
            "id": 16599
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane6"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6"
              }
            ],
            "repeated": 0,
            "id": 16600
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane7"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7"
              }
            ],
            "repeated": 0,
            "id": 16601
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane8"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8"
              }
            ],
            "repeated": 0,
            "id": 16602
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane9"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9"
              }
            ],
            "repeated": 0,
            "id": 16603
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane10"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10"
              }
            ],
            "repeated": 0,
            "id": 16604
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane11"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11"
              }
            ],
            "repeated": 0,
            "id": 16605
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane12"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12"
              }
            ],
            "repeated": 0,
            "id": 16606
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane13"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13"
              }
            ],
            "repeated": 0,
            "id": 16607
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane14"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14"
              }
            ],
            "repeated": 0,
            "id": 16608
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane15"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15"
              }
            ],
            "repeated": 0,
            "id": 16609
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ValueName",
                "value": "Plane16"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16"
              }
            ],
            "repeated": 0,
            "id": 16610
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16611
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16612
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000109",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 16613
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "KeyInformation",
                "value": "\\xffb4\\xfff3\\xff9a~\\xffe3\\xffac\\xffd5\\x01\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x18\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 16614
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 16615
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 16616
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 16617
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006cc"
              },
              {
                "name": "Index",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16618
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006cc"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Segoe UI"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI"
              }
            ],
            "repeated": 0,
            "id": 16619
          },
          {
            "timestamp": "2026-06-28 21:56:19,479",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006cc"
              }
            ],
            "repeated": 0,
            "id": 16620
          },
          {
            "timestamp": "2026-06-28 21:56:19,495",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x089fb000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16621
          },
          {
            "timestamp": "2026-06-28 21:56:19,510",
            "thread_id": "2784",
            "caller": "0x0b265b85",
            "parentcaller": "0x0b265a41",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093c7000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16622
          },
          {
            "timestamp": "2026-06-28 21:56:19,510",
            "thread_id": "2784",
            "caller": "0x0b266093",
            "parentcaller": "0x0b265d9b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "MonitorFromRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4b640"
              }
            ],
            "repeated": 0,
            "id": 16623
          },
          {
            "timestamp": "2026-06-28 21:56:19,510",
            "thread_id": "2784",
            "caller": "0x0b2662e2",
            "parentcaller": "0x0b26609f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16624
          },
          {
            "timestamp": "2026-06-28 21:56:19,510",
            "thread_id": "2784",
            "caller": "0x0b2662e2",
            "parentcaller": "0x0b26609f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetMonitorInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d55220"
              }
            ],
            "repeated": 0,
            "id": 16625
          },
          {
            "timestamp": "2026-06-28 21:56:19,526",
            "thread_id": "2784",
            "caller": "0x0b2665da",
            "parentcaller": "0x0b266394",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16626
          },
          {
            "timestamp": "2026-06-28 21:56:19,526",
            "thread_id": "2784",
            "caller": "0x0b2665da",
            "parentcaller": "0x0b266394",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDCW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750154c0"
              }
            ],
            "repeated": 0,
            "id": 16627
          },
          {
            "timestamp": "2026-06-28 21:56:19,526",
            "thread_id": "2784",
            "caller": "0x0b266718",
            "parentcaller": "0x0b2663d5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750168b0"
              }
            ],
            "repeated": 0,
            "id": 16628
          },
          {
            "timestamp": "2026-06-28 21:56:19,526",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 3,
            "id": 16629
          },
          {
            "timestamp": "2026-06-28 21:56:19,557",
            "thread_id": "2784",
            "caller": "0x0b2682b9",
            "parentcaller": "0x0b2681f7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetDoubleClickTime"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63e50"
              }
            ],
            "repeated": 0,
            "id": 16630
          },
          {
            "timestamp": "2026-06-28 21:56:19,557",
            "thread_id": "2784",
            "caller": "0x07cfffda",
            "parentcaller": "0x0930ff20",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0801a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16631
          },
          {
            "timestamp": "2026-06-28 21:56:19,557",
            "thread_id": "2784",
            "caller": "0x0b2683b5",
            "parentcaller": "0x0b26822b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateBitmapFromStream"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735132a0"
              }
            ],
            "repeated": 0,
            "id": 16632
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WindowsCodecs"
              },
              {
                "name": "DllBase",
                "value": "0x70860000"
              }
            ],
            "repeated": 0,
            "id": 16633
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70860000"
              }
            ],
            "repeated": 0,
            "id": 16634
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WindowsCodecs.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70860000"
              },
              {
                "name": "FunctionName",
                "value": "DllGetClassObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x708ba870"
              }
            ],
            "repeated": 0,
            "id": 16635
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 16636
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16637
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16638
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16639
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              }
            ],
            "repeated": 0,
            "id": 16640
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}"
              }
            ],
            "repeated": 0,
            "id": 16641
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16642
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16643
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16644
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16645
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              }
            ],
            "repeated": 0,
            "id": 16646
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}"
              }
            ],
            "repeated": 0,
            "id": 16647
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16648
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16649
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16650
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16651
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              }
            ],
            "repeated": 0,
            "id": 16652
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}"
              }
            ],
            "repeated": 0,
            "id": 16653
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16654
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16655
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16656
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16657
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              }
            ],
            "repeated": 0,
            "id": 16658
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}"
              }
            ],
            "repeated": 0,
            "id": 16659
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16660
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16661
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16662
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16663
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              }
            ],
            "repeated": 0,
            "id": 16664
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}"
              }
            ],
            "repeated": 0,
            "id": 16665
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16666
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16667
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16668
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16669
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              }
            ],
            "repeated": 0,
            "id": 16670
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}"
              }
            ],
            "repeated": 0,
            "id": 16671
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16672
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16673
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16674
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16675
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              }
            ],
            "repeated": 0,
            "id": 16676
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}"
              }
            ],
            "repeated": 0,
            "id": 16677
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006da"
              }
            ],
            "repeated": 0,
            "id": 16678
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16679
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16680
          },
          {
            "timestamp": "2026-06-28 21:56:19,573",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16681
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              }
            ],
            "repeated": 0,
            "id": 16682
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}"
              }
            ],
            "repeated": 0,
            "id": 16683
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16684
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16685
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16686
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16687
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              }
            ],
            "repeated": 0,
            "id": 16688
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}"
              }
            ],
            "repeated": 0,
            "id": 16689
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16690
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16691
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16692
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16693
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              }
            ],
            "repeated": 0,
            "id": 16694
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}"
              }
            ],
            "repeated": 0,
            "id": 16695
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16696
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16697
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16698
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16699
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              }
            ],
            "repeated": 0,
            "id": 16700
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}"
              }
            ],
            "repeated": 0,
            "id": 16701
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16702
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16703
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16704
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16705
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              }
            ],
            "repeated": 0,
            "id": 16706
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}"
              }
            ],
            "repeated": 0,
            "id": 16707
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16708
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16709
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16710
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16711
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              }
            ],
            "repeated": 0,
            "id": 16712
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}"
              }
            ],
            "repeated": 0,
            "id": 16713
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16714
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16715
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16716
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16717
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              }
            ],
            "repeated": 0,
            "id": 16718
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}"
              }
            ],
            "repeated": 0,
            "id": 16719
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16720
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16721
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16722
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16723
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              }
            ],
            "repeated": 0,
            "id": 16724
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}"
              }
            ],
            "repeated": 0,
            "id": 16725
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16726
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16727
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16728
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16729
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              }
            ],
            "repeated": 0,
            "id": 16730
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}"
              }
            ],
            "repeated": 0,
            "id": 16731
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16732
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16733
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16734
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16735
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              }
            ],
            "repeated": 0,
            "id": 16736
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}"
              }
            ],
            "repeated": 0,
            "id": 16737
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16738
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16739
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16740
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16741
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 16742
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance"
              }
            ],
            "repeated": 0,
            "id": 16743
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 16744
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002_Classes"
              },
              {
                "name": "KeyInformationClass",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 16745
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000056a"
              },
              {
                "name": "KeyInformation",
                "value": "\\x01\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 16746
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000056a"
              },
              {
                "name": "ObjectAttributesName",
                "value": "CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              }
            ],
            "repeated": 0,
            "id": 16747
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled"
              }
            ],
            "repeated": 0,
            "id": 16748
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b268caa",
            "parentcaller": "0x0b2683b5",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e2"
              }
            ],
            "repeated": 0,
            "id": 16749
          },
          {
            "timestamp": "2026-06-28 21:56:19,589",
            "thread_id": "2784",
            "caller": "0x0b2683cb",
            "parentcaller": "0x0b26822b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipImageForceValidation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350b590"
              }
            ],
            "repeated": 0,
            "id": 16750
          },
          {
            "timestamp": "2026-06-28 21:56:19,729",
            "thread_id": "2784",
            "caller": "0x0b269484",
            "parentcaller": "0x0b269229",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093ac000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16751
          },
          {
            "timestamp": "2026-06-28 21:56:19,729",
            "thread_id": "2784",
            "caller": "0x0b269484",
            "parentcaller": "0x0b269229",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageRawFormat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73507780"
              }
            ],
            "repeated": 0,
            "id": 16752
          },
          {
            "timestamp": "2026-06-28 21:56:19,729",
            "thread_id": "2784",
            "caller": "0x0b268287",
            "parentcaller": "0x0b267b24",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x093ca000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16753
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a390",
            "parentcaller": "0x0b26a351",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageWidth"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735119c0"
              }
            ],
            "repeated": 0,
            "id": 16754
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a480",
            "parentcaller": "0x0b26a35a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageHeight"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73511be0"
              }
            ],
            "repeated": 0,
            "id": 16755
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a4e0",
            "parentcaller": "0x0b26a061",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateBitmapFromScan0"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e1c90"
              }
            ],
            "repeated": 0,
            "id": 16756
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a6d8",
            "parentcaller": "0x0b26a5e8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImagePixelFormat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73511ad0"
              }
            ],
            "repeated": 0,
            "id": 16757
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a60c",
            "parentcaller": "0x0b26a06f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetImageGraphicsContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e4ba0"
              }
            ],
            "repeated": 0,
            "id": 16758
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a719",
            "parentcaller": "0x0b26a09b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGraphicsClear"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e30d0"
              }
            ],
            "repeated": 0,
            "id": 16759
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a761",
            "parentcaller": "0x0b26a0c9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateImageAttributes"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e2e80"
              }
            ],
            "repeated": 0,
            "id": 16760
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26a1c3",
            "parentcaller": "0x0b268287",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetImageAttributesColorKeys"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e2dd0"
              }
            ],
            "repeated": 0,
            "id": 16761
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26aa13",
            "parentcaller": "0x0b26a1fa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDrawImageRectRectI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73500880"
              }
            ],
            "repeated": 0,
            "id": 16762
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26acdf",
            "parentcaller": "0x0b26ac4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDisposeImageAttributes"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e2fb0"
              }
            ],
            "repeated": 0,
            "id": 16763
          },
          {
            "timestamp": "2026-06-28 21:56:19,745",
            "thread_id": "2784",
            "caller": "0x0b26ade7",
            "parentcaller": "0x0b26ad54",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDisposeImage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73515df0"
              }
            ],
            "repeated": 0,
            "id": 16764
          },
          {
            "timestamp": "2026-06-28 21:56:19,776",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 16,
            "id": 16765
          },
          {
            "timestamp": "2026-06-28 21:56:19,807",
            "thread_id": "2784",
            "caller": "0x08b869fe",
            "parentcaller": "0x07f39a20",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RedrawWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64750"
              }
            ],
            "repeated": 0,
            "id": 16766
          },
          {
            "timestamp": "2026-06-28 21:56:19,823",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08003000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16767
          },
          {
            "timestamp": "2026-06-28 21:56:19,823",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08005000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16768
          },
          {
            "timestamp": "2026-06-28 21:56:19,823",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 16769
          },
          {
            "timestamp": "2026-06-28 21:56:19,823",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 16770
          },
          {
            "timestamp": "2026-06-28 21:56:19,823",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 16771
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16772
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x07fa199d",
            "parentcaller": "0x07fa191d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b200000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16773
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x0b26ec36",
            "parentcaller": "0x0b26eb8b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "MapWindowPoints"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d570b0"
              }
            ],
            "repeated": 0,
            "id": 16774
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 2,
            "id": 16775
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x08b86a41",
            "parentcaller": "0x09300bd0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "InvalidateRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64380"
              }
            ],
            "repeated": 0,
            "id": 16776
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 16777
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x0b266846",
            "parentcaller": "0x0b265da8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05662000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16778
          },
          {
            "timestamp": "2026-06-28 21:56:19,854",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 44,
            "id": 16779
          },
          {
            "timestamp": "2026-06-28 21:56:19,901",
            "thread_id": "2784",
            "caller": "0x08b87fbf",
            "parentcaller": "0x093827b3",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05672000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16780
          },
          {
            "timestamp": "2026-06-28 21:56:19,901",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 62,
            "id": 16781
          },
          {
            "timestamp": "2026-06-28 21:56:19,948",
            "thread_id": "2784",
            "caller": "0x07b27665",
            "parentcaller": "0x07d46a7a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05682000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16782
          },
          {
            "timestamp": "2026-06-28 21:56:19,948",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 53,
            "id": 16783
          },
          {
            "timestamp": "2026-06-28 21:56:19,964",
            "thread_id": "2784",
            "caller": "0x0b266846",
            "parentcaller": "0x0b265da8",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x05692000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16784
          },
          {
            "timestamp": "2026-06-28 21:56:19,964",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 41,
            "id": 16785
          },
          {
            "timestamp": "2026-06-28 21:56:20,010",
            "thread_id": "2784",
            "caller": "0x09305d55",
            "parentcaller": "0x09305b08",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056a2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16786
          },
          {
            "timestamp": "2026-06-28 21:56:20,010",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 96,
            "id": 16787
          },
          {
            "timestamp": "2026-06-28 21:56:20,026",
            "thread_id": "2784",
            "caller": "0x09305d55",
            "parentcaller": "0x09305b08",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056b2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16788
          },
          {
            "timestamp": "2026-06-28 21:56:20,026",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 13,
            "id": 16789
          },
          {
            "timestamp": "2026-06-28 21:56:20,042",
            "thread_id": "2784",
            "caller": "0x0b210e75",
            "parentcaller": "0x0b210e49",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "UpdateWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d56d80"
              }
            ],
            "repeated": 0,
            "id": 16790
          },
          {
            "timestamp": "2026-06-28 21:56:20,073",
            "thread_id": "2784",
            "caller": "0x0b213a59",
            "parentcaller": "0x07febd71",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0801b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16791
          },
          {
            "timestamp": "2026-06-28 21:56:20,073",
            "thread_id": "2784",
            "caller": "0x07e7256b",
            "parentcaller": "0x07e72407",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.config"
              }
            ],
            "repeated": 0,
            "id": 16792
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 16793
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en-US/livehtml.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 16794
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en-US/livehtml.resources/livehtml.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 16795
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 16796
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en-US/livehtml.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 16797
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en-US/livehtml.resources/livehtml.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 16798
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 16799
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources\\livehtml.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 16800
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 16801
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources\\livehtml.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 16802
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 16803
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x88\\xc2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00 \\x00\\x00\\x00\\xf0\\xe4\\xa4s\\xb8\\xc2\\xf3\\x00\\x1a\\xe5\\xa4s \\x00\\x00\\x00\\xcc\\xc2\\xf3\\x00\\xb7\\xe4\\xa4s\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa4\\xc3\\xf3\\x00"
              }
            ],
            "repeated": 0,
            "id": 16804
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 16805
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3262678163-160926255-2192883574-1002\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3262678163-160926255-2192883574-1002\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 16806
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 16807
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 16808
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3262678163-160926255-2192883574-1002\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3262678163-160926255-2192883574-1002\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 16809
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000001",
                "pretty_value": "HKEY_CURRENT_USER"
              },
              {
                "name": "SubKey",
                "value": "Software\\Microsoft\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 16810
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000002",
                "pretty_value": "HKEY_LOCAL_MACHINE"
              },
              {
                "name": "SubKey",
                "value": "SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              },
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global"
              }
            ],
            "repeated": 0,
            "id": 16811
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "ValueName",
                "value": "office,fileVersion=\"15.0.4613.1000\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\office,fileVersion=\"15.0.4613.1000\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16812
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "1"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.office,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.office,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16813
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "2"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.office,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.office,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16814
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "3"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.office,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.office,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16815
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "4"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Vbe.Interop,fileVersion=\"15.0.4561.1000\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Vbe.Interop,fileVersion=\"15.0.4561.1000\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16816
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "5"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Vbe.Interop,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Vbe.Interop,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16817
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "6"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Vbe.Interop,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Vbe.Interop,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16818
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "7"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Vbe.Interop,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Vbe.Interop,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16819
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "8"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.StdFormat,fileVersion=\"7.0.9466.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.StdFormat,fileVersion=\"7.0.9466.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              }
            ],
            "repeated": 0,
            "id": 16820
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "9"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.mshtml,fileVersion=\"7.0.3300.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.mshtml,fileVersion=\"7.0.3300.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              }
            ],
            "repeated": 0,
            "id": 16821
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "10"
              },
              {
                "name": "ValueName",
                "value": "MSDATASRC,fileVersion=\"7.0.9466.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\MSDATASRC,fileVersion=\"7.0.9466.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              }
            ],
            "repeated": 0,
            "id": 16822
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "11"
              },
              {
                "name": "ValueName",
                "value": "ADODB,fileVersion=\"7.10.2346.0\",version=\"7.0.3300.00\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\ADODB,fileVersion=\"7.10.2346.0\",version=\"7.0.3300.00\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              }
            ],
            "repeated": 0,
            "id": 16823
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "12"
              },
              {
                "name": "ValueName",
                "value": "stdole,fileVersion=\"7.0.9466.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\stdole,fileVersion=\"7.0.9466.0\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              }
            ],
            "repeated": 0,
            "id": 16824
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "13"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16825
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "14"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16826
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "15"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16827
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "16"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16828
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "17"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16829
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "18"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16830
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "19"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16831
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "20"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16832
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "21"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16833
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "22"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16834
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "23"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16835
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "24"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16836
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "25"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Outlook.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Outlook.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16837
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "26"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Excel.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Excel.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16838
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "27"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Word.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Word.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16839
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "28"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16840
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "29"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16841
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "30"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16842
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "31"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Common.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Common.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16843
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "32"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16844
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "33"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16845
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "34"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16846
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "35"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16847
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "36"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Contract.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16848
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "37"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Contract.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16849
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "38"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16850
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "39"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16851
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "40"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16852
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "41"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0,fileVersion=\"9.0.30729.7079\",version=\"9.0.0.00000000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16853
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "42"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16854
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "43"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16855
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "44"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Runtime,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Runtime,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16856
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "45"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.Hosting,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.Hosting,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16857
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "46"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Applications.ServerDocument,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Applications.ServerDocument,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16858
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "47"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.v4.0.Framework,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.v4.0.Framework,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16859
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "48"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16860
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "49"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Common,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Common,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16861
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "50"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Excel,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Excel,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16862
          },
          {
            "timestamp": "2026-06-28 21:56:20,089",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "51"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Outlook,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Outlook,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16863
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "52"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Word,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Word,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16864
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "53"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Common.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Common.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16865
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "54"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Excel.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Excel.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16866
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "55"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Outlook.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Outlook.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16867
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "56"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Tools.Word.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Tools.Word.Implementation,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16868
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "57"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.ContainerControl,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.ContainerControl,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16869
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "58"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Runtime,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Runtime,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16870
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "59"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.VisualStudio.Tools.Office.Runtime.Internal,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.VisualStudio.Tools.Office.Runtime.Internal,fileVersion=\"10.0.60301.0\",version=\"10.0.0.00000\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16871
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "60"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Access.Dao,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Access.Dao,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16872
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "61"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Access.Dao,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Access.Dao,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16873
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "62"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Access.Dao,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Access.Dao,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16874
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "63"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Vbe.Interop.Forms,fileVersion=\"15.0.4569.1507\",version=\"11.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Vbe.Interop.Forms,fileVersion=\"15.0.4569.1507\",version=\"11.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16875
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "64"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16876
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "65"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16877
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "66"
              },
              {
                "name": "ValueName",
                "value": "Policy.15.0.Microsoft.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.15.0.Microsoft.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16878
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "67"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Runtime,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Runtime,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16879
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "68"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Runtime.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Runtime.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16880
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "69"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.RuntimeUi,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.RuntimeUi,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16881
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "70"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.RuntimeUi.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.RuntimeUi.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16882
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "71"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.BusinessApplications.Runtime,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.BusinessApplications.Runtime,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16883
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "72"
              },
              {
                "name": "ValueName",
                "value": "Policy.15.0.Microsoft.Office.BusinessApplications.Runtime,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.15.0.Microsoft.Office.BusinessApplications.Runtime,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16884
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "73"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16885
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "74"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"14.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"14.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16886
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "75"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Tools.AutoGen,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Tools.AutoGen,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16887
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "76"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.SharePoint.BusinessData.Administration.Client,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.SharePoint.BusinessData.Administration.Client,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16888
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "77"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.SharePoint.BusinessData.Administration.Client.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.SharePoint.BusinessData.Administration.Client.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16889
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "78"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Diagnostics,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Diagnostics,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16890
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "79"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16891
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "80"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessData.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessData.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16892
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "81"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16893
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "82"
              },
              {
                "name": "ValueName",
                "value": "Policy.15.0.Microsoft.Office.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.15.0.Microsoft.Office.BusinessData,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16894
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "83"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16895
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "84"
              },
              {
                "name": "ValueName",
                "value": "Policy.15.0.Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.15.0.Microsoft.Office.BusinessApplications.Fba,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16896
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "85"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Tools,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Tools,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16897
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "86"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.Tools.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.Tools.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16898
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "87"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.SyncServices,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.SyncServices,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16899
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "88"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.BusinessApplications.SyncServices.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.BusinessApplications.SyncServices.Intl,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16900
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "89"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16901
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "90"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16902
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "91"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16903
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "92"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Graph,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16904
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "93"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16905
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "94"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16906
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "95"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16907
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "96"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.SmartTag,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16908
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "97"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4569.1506\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4569.1506\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16909
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "98"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16910
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "99"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16911
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "100"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Excel,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16912
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "101"
              },
              {
                "name": "ValueName",
                "value": "Extensibility,fileVersion=\"7.0.9466.1\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Extensibility,fileVersion=\"7.0.9466.1\",version=\"7.0.3300.0\",culture=\"neutral\",publicKeyToken=\"B03F5F7F11D50A3A\""
              }
            ],
            "repeated": 0,
            "id": 16913
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "102"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.AnalysisServices.AdomdClient,fileVersion=\"11.0.9165.1186\",version=\"11.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"89845DCD8080CC91\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.AnalysisServices.AdomdClient,fileVersion=\"11.0.9165.1186\",version=\"11.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"89845DCD8080CC91\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16914
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "103"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.AnalysisServices.SPClient.Interfaces,fileVersion=\"11.0.9165.1186\",version=\"11.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"89845DCD8080CC91\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.AnalysisServices.SPClient.Interfaces,fileVersion=\"11.0.9165.1186\",version=\"11.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"89845DCD8080CC91\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16915
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "104"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.OneNote,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.OneNote,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16916
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "105"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.OneNote,fileVersion=\"15.0.4420.1017\",version=\"12.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.OneNote,fileVersion=\"15.0.4420.1017\",version=\"12.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16917
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "106"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.OneNote,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.OneNote,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16918
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "107"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16919
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "108"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16920
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "109"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16921
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "110"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Outlook,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16922
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "111"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16923
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "112"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16924
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "113"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16925
          },
          {
            "timestamp": "2026-06-28 21:56:20,104",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "114"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16926
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "115"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16927
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "116"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16928
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "117"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16929
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "118"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.PowerPoint,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16930
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "119"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16931
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "120"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16932
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "121"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16933
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "122"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Publisher,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16934
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "123"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Word,fileVersion=\"15.0.4603.1000\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Word,fileVersion=\"15.0.4603.1000\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16935
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "124"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.Word,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.Word,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16936
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "125"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Word,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Word,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16937
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "126"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Word,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Word,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16938
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "127"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Access.BusinessDataCatalog,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"AMD64\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Access.BusinessDataCatalog,fileVersion=\"16.0.4266.1001\",version=\"16.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"AMD64\""
              }
            ],
            "repeated": 0,
            "id": 16939
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "128"
              },
              {
                "name": "ValueName",
                "value": "Microsoft.Office.Interop.Access,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Microsoft.Office.Interop.Access,fileVersion=\"15.0.4569.1507\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16940
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "129"
              },
              {
                "name": "ValueName",
                "value": "Policy.11.0.Microsoft.Office.Interop.Access,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.11.0.Microsoft.Office.Interop.Access,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16941
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "130"
              },
              {
                "name": "ValueName",
                "value": "Policy.12.0.Microsoft.Office.Interop.Access,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.12.0.Microsoft.Office.Interop.Access,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16942
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "131"
              },
              {
                "name": "ValueName",
                "value": "Policy.14.0.Microsoft.Office.Interop.Access,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              },
              {
                "name": "Type",
                "value": "7",
                "pretty_value": "REG_MULTI_SZ"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\Policy.14.0.Microsoft.Office.Interop.Access,fileVersion=\"15.0.4420.1017\",version=\"15.0.0.0000000\",culture=\"neutral\",publicKeyToken=\"71E9BCE111E9429C\",processorArchitecture=\"MSIL\""
              }
            ],
            "repeated": 0,
            "id": 16943
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegEnumValueW",
            "status": false,
            "return": "0x00000103",
            "pretty_return": "NO_MORE_ITEMS",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              },
              {
                "name": "Index",
                "value": "132"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Type",
                "value": "0",
                "pretty_value": "REG_NONE"
              },
              {
                "name": "DataLength",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global\\"
              }
            ],
            "repeated": 0,
            "id": 16944
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 16945
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\en-US\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 16946
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\en\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 16947
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x0c4d0001",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 16948
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0801c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16949
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale"
              }
            ],
            "repeated": 0,
            "id": 16950
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en"
              }
            ],
            "repeated": 0,
            "id": 16951
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 16952
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale"
              }
            ],
            "repeated": 0,
            "id": 16953
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "en"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en"
              }
            ],
            "repeated": 0,
            "id": 16954
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 16955
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 16956
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x07d491c5",
            "parentcaller": "0x07d4917b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "ResolveLocaleName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x751656e0"
              }
            ],
            "repeated": 0,
            "id": 16957
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 16958
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en/livehtml.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 16959
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en/livehtml.resources/livehtml.resources.DLL"
              }
            ],
            "repeated": 0,
            "id": 16960
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/"
              }
            ],
            "repeated": 0,
            "id": 16961
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en/livehtml.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 16962
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "UrlCanonicalizeW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Url",
                "value": "C:/Users/Rajesh/AppData/Local/Temp/en/livehtml.resources/livehtml.resources.EXE"
              }
            ],
            "repeated": 0,
            "id": 16963
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 16964
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources\\livehtml.resources.dll"
              }
            ],
            "repeated": 0,
            "id": 16965
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 16966
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b21499f",
            "parentcaller": "0x0b2142ca",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources\\livehtml.resources.exe"
              }
            ],
            "repeated": 0,
            "id": 16967
          },
          {
            "timestamp": "2026-06-28 21:56:20,120",
            "thread_id": "2784",
            "caller": "0x0b216e85",
            "parentcaller": "0x0b216922",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0801d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16968
          },
          {
            "timestamp": "2026-06-28 21:56:20,167",
            "thread_id": "2784",
            "caller": "0x0b219090",
            "parentcaller": "0x0b218b4c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b221000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16969
          },
          {
            "timestamp": "2026-06-28 21:56:20,167",
            "thread_id": "2784",
            "caller": "0x0b21dcbe",
            "parentcaller": "0x0b217965",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b222000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16970
          },
          {
            "timestamp": "2026-06-28 21:56:20,198",
            "thread_id": "2784",
            "caller": "0x07b2cfbe",
            "parentcaller": "0x07b2cccd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b240000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16971
          },
          {
            "timestamp": "2026-06-28 21:56:20,198",
            "thread_id": "2784",
            "caller": "0x07b2cfbe",
            "parentcaller": "0x07b2cccd",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b240000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16972
          },
          {
            "timestamp": "2026-06-28 21:56:20,214",
            "thread_id": "2784",
            "caller": "0x0b2192d1",
            "parentcaller": "0x0b2338ba",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b226000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16973
          },
          {
            "timestamp": "2026-06-28 21:56:20,214",
            "thread_id": "2784",
            "caller": "0x0b217f84",
            "parentcaller": "0x0b234123",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056c2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16974
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b235734",
            "parentcaller": "0x0b2354cb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMetrics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d571c0"
              }
            ],
            "repeated": 0,
            "id": 16975
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b2357c5",
            "parentcaller": "0x0b2354cb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetDeviceCaps"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015fe0"
              }
            ],
            "repeated": 0,
            "id": 16976
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b2360a2",
            "parentcaller": "0x0b235b53",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CreateIconFromResourceEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d470f0"
              }
            ],
            "repeated": 0,
            "id": 16977
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b236d66",
            "parentcaller": "0x0b23688f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016db0"
              }
            ],
            "repeated": 0,
            "id": 16978
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b236da9",
            "parentcaller": "0x0b23688f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SelectObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016cc0"
              }
            ],
            "repeated": 0,
            "id": 16979
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b236f70",
            "parentcaller": "0x0b236dc8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetTextMetricsW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016f60"
              }
            ],
            "repeated": 0,
            "id": 16980
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b237047",
            "parentcaller": "0x0b236dfe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetTextExtentPoint32W"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016d10"
              }
            ],
            "repeated": 0,
            "id": 16981
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b2370e8",
            "parentcaller": "0x0b237047",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16982
          },
          {
            "timestamp": "2026-06-28 21:56:20,245",
            "thread_id": "2784",
            "caller": "0x0b2370e8",
            "parentcaller": "0x0b237047",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75030000"
              },
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16983
          },
          {
            "timestamp": "2026-06-28 21:56:20,260",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 16984
          },
          {
            "timestamp": "2026-06-28 21:56:20,260",
            "thread_id": "2784",
            "caller": "0x0b238ff3",
            "parentcaller": "0x0b238e5c",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b251000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16985
          },
          {
            "timestamp": "2026-06-28 21:56:20,260",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 4,
            "id": 16986
          },
          {
            "timestamp": "2026-06-28 21:56:20,276",
            "thread_id": "2784",
            "caller": "0x0b23b0b8",
            "parentcaller": "0x0b23af6f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b252000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16987
          },
          {
            "timestamp": "2026-06-28 21:56:20,276",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 3,
            "id": 16988
          },
          {
            "timestamp": "2026-06-28 21:56:20,276",
            "thread_id": "2784",
            "caller": "0x0b23c8ab",
            "parentcaller": "0x0b23c7ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "IsThemePartDefined"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738ad6a0"
              }
            ],
            "repeated": 0,
            "id": 16989
          },
          {
            "timestamp": "2026-06-28 21:56:20,276",
            "thread_id": "2784",
            "caller": "0x0b23c8ab",
            "parentcaller": "0x0b23c7ef",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "IsThemePartDefinedW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 16990
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23ccf1",
            "parentcaller": "0x0b23cb19",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b253000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 16991
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d249",
            "parentcaller": "0x0b23d1e3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateRegion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734f96a0"
              }
            ],
            "repeated": 0,
            "id": 16992
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d201",
            "parentcaller": "0x0b23cf72",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetClip"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734f9580"
              }
            ],
            "repeated": 0,
            "id": 16993
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d351",
            "parentcaller": "0x0b23d2eb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateMatrix"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735048b0"
              }
            ],
            "repeated": 0,
            "id": 16994
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d309",
            "parentcaller": "0x0b23cf7b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetWorldTransform"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350ea40"
              }
            ],
            "repeated": 0,
            "id": 16995
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d3b8",
            "parentcaller": "0x0b23cfbb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipIsMatrixIdentity"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350fb00"
              }
            ],
            "repeated": 0,
            "id": 16996
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d415",
            "parentcaller": "0x0b23ce40",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LocalAlloc"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75150460"
              }
            ],
            "repeated": 0,
            "id": 16997
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d427",
            "parentcaller": "0x0b23ce40",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetMatrixElements"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350d920"
              }
            ],
            "repeated": 0,
            "id": 16998
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d609",
            "parentcaller": "0x0b23d478",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "LocalFree"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7514f530"
              }
            ],
            "repeated": 0,
            "id": 16999
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d78f",
            "parentcaller": "0x0b23d754",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteMatrix"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350a8b0"
              }
            ],
            "repeated": 0,
            "id": 17000
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d7d8",
            "parentcaller": "0x0b23ce63",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipIsInfiniteRegion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734f9490"
              }
            ],
            "repeated": 0,
            "id": 17001
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23d9d7",
            "parentcaller": "0x0b23d944",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteRegion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350f900"
              }
            ],
            "repeated": 0,
            "id": 17002
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23da10",
            "parentcaller": "0x0b23ce88",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734c6c50"
              }
            ],
            "repeated": 0,
            "id": 17003
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x0b23dbd2",
            "parentcaller": "0x0b23cf30",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "OffsetViewportOrgEx"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75018420"
              }
            ],
            "repeated": 0,
            "id": 17004
          },
          {
            "timestamp": "2026-06-28 21:56:20,307",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 17005
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b23cbc0",
            "parentcaller": "0x0b23c54e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "GetThemePartSize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738ade50"
              }
            ],
            "repeated": 0,
            "id": 17006
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b23cbc0",
            "parentcaller": "0x0b23c54e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "GetThemePartSizeW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17007
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b23de12",
            "parentcaller": "0x0b23cbc0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b85000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17008
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b23e004",
            "parentcaller": "0x0b23df27",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "RestoreDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75017030"
              }
            ],
            "repeated": 0,
            "id": 17009
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b23e8b7",
            "parentcaller": "0x0b23e860",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipReleaseDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734c6a40"
              }
            ],
            "repeated": 0,
            "id": 17010
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17011
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000109",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback"
              }
            ],
            "repeated": 0,
            "id": 17012
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000101",
                "pretty_value": "KEY_QUERY_VALUE|KEY_WOW64_64KEY"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000006e0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft Sans Serif"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Microsoft Sans Serif"
              }
            ],
            "repeated": 0,
            "id": 17013
          },
          {
            "timestamp": "2026-06-28 21:56:20,323",
            "thread_id": "2784",
            "caller": "0x0b263b01",
            "parentcaller": "0x0b263a4d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 17014
          },
          {
            "timestamp": "2026-06-28 21:56:20,339",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x0c56071d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x07b86000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17015
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0c560769",
            "parentcaller": "0x0c560293",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17016
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0c560769",
            "parentcaller": "0x0c560293",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetStartupInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151550"
              }
            ],
            "repeated": 0,
            "id": 17017
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0b23666f",
            "parentcaller": "0x0b23fb8d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetSystemMenu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64120"
              }
            ],
            "repeated": 0,
            "id": 17018
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0b23666f",
            "parentcaller": "0x0b23fb8d",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 17019
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0b23666f",
            "parentcaller": "0x0b23fb8d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006e4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\USER32.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17020
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0b23666f",
            "parentcaller": "0x0b23fb8d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006e4"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 17021
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0b23666f",
            "parentcaller": "0x0b23fb8d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006ec"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c550000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3dfa0"
              },
              {
                "name": "ViewSize",
                "value": "0x00005000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17022
          },
          {
            "timestamp": "2026-06-28 21:56:20,354",
            "thread_id": "2784",
            "caller": "0x0b23666f",
            "parentcaller": "0x0b23fb8d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 17023
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x0c561014",
            "parentcaller": "0x0b236678",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b255000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17024
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x0c561220",
            "parentcaller": "0x0c561014",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowPlacement"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64210"
              }
            ],
            "repeated": 0,
            "id": 17025
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x0c5610e0",
            "parentcaller": "0x0b236678",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "EnableMenuItem"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d42620"
              }
            ],
            "repeated": 0,
            "id": 17026
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x0c561627",
            "parentcaller": "0x0b23fbb4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetClientRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57560"
              }
            ],
            "repeated": 0,
            "id": 17027
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x07f37b1a",
            "parentcaller": "0x0b23f3b5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "ShowWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64c90"
              }
            ],
            "repeated": 0,
            "id": 17028
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x07f3d120",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17029
          },
          {
            "timestamp": "2026-06-28 21:56:20,370",
            "thread_id": "2784",
            "caller": "0x07f3d120",
            "parentcaller": "0x07f3cb17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetClassInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d50830"
              }
            ],
            "repeated": 0,
            "id": 17030
          },
          {
            "timestamp": "2026-06-28 21:56:20,385",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72890000"
              },
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17031
          },
          {
            "timestamp": "2026-06-28 21:56:20,385",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72890000"
              },
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17032
          },
          {
            "timestamp": "2026-06-28 21:56:20,385",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 2,
            "id": 17033
          },
          {
            "timestamp": "2026-06-28 21:56:20,385",
            "thread_id": "2784",
            "caller": "0x0c5624d0",
            "parentcaller": "0x07fa32ba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5e540"
              }
            ],
            "repeated": 0,
            "id": 17034
          },
          {
            "timestamp": "2026-06-28 21:56:20,385",
            "thread_id": "2784",
            "caller": "0x0c562631",
            "parentcaller": "0x0c5625f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17035
          },
          {
            "timestamp": "2026-06-28 21:56:20,385",
            "thread_id": "2784",
            "caller": "0x0c562631",
            "parentcaller": "0x0c5625f8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57de0"
              }
            ],
            "repeated": 0,
            "id": 17036
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 17037
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc9\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00p\\x02+\\x01\\xcf~\\x9e\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00X\\xe0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ"
              }
            ],
            "repeated": 0,
            "id": 17038
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17039
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17040
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 17041
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "ScrollInset"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset"
              }
            ],
            "repeated": 0,
            "id": 17042
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17043
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc9\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xa0\\x02+\\x00\\x04\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00p\\x02+\\x01\\xcf~\\x9e\\x08\\xc8~\\x9e\\x08\\x00\\x00\\x00\\x00X\\xe0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ"
              }
            ],
            "repeated": 0,
            "id": 17044
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17045
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17046
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 17047
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "DragDelay"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay"
              }
            ],
            "repeated": 0,
            "id": 17048
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17049
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc9\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xa0\\x02+\\x00\\x04\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00p\\x02+\\x01\\xcf~\\x9e\\x08\\xc8~\\x9e\\x08\\x00\\x00\\x00\\x00X\\xe0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ"
              }
            ],
            "repeated": 0,
            "id": 17050
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17051
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17052
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 17053
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "DragMinDist"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist"
              }
            ],
            "repeated": 0,
            "id": 17054
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17055
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc9\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xa0\\x02+\\x00\\x04\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\x00p\\x02+\\x01\\xcf~\\x9e\\x08\\xc8~\\x9e\\x08\\x00\\x00\\x00\\x00X\\xe0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ"
              }
            ],
            "repeated": 0,
            "id": 17056
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17057
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17058
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 17059
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "ScrollDelay"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay"
              }
            ],
            "repeated": 0,
            "id": 17060
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17061
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "X\\xc9\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xa0\\x02+\\x00\\x03\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00p\\x02+\\x01\\xcf~\\x9e\\x08\\xc8~\\x9e\\x08\\x00\\x00\\x00\\x00X\\xe0\\xf3\\x00@\\xad\\xf7v\\xdfI\\xcbQ"
              }
            ],
            "repeated": 0,
            "id": 17062
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 17063
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17064
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 17065
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "ScrollInterval"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval"
              }
            ],
            "repeated": 0,
            "id": 17066
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17067
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\win.ini"
              }
            ],
            "repeated": 0,
            "id": 17068
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100000",
                "pretty_value": "GENERIC_READ|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\win.ini"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17069
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\win.ini"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa8\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xa7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17070
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00101000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17071
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17072
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006e8"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\win.ini"
              },
              {
                "name": "Buffer",
                "value": "; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n[mci extensions]\r\n[files]\r\n[Mail]\r\nMAPI=1\r\nCMCDLLNAME32=mapi32.dll\r\nCMC=1\r\nMAPIX=1\r\nMAPIXVER=1.0.0.1\r\nOLEMessaging=1\r\n"
              },
              {
                "name": "Length",
                "value": "167"
              }
            ],
            "repeated": 0,
            "id": 17073
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00101000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 17074
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17075
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17076
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17077
          },
          {
            "timestamp": "2026-06-28 21:56:20,401",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17078
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "GetSystemDefaultLangID",
            "status": true,
            "return": "0x012d0409",
            "arguments": [
              {
                "name": "SystemDefaultLangID",
                "value": "0x012d0409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 17079
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 17080
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide"
              }
            ],
            "repeated": 0,
            "id": 17081
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "PreferExternalManifest"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest"
              }
            ],
            "repeated": 0,
            "id": 17082
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17083
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x001200a9",
                "pretty_value": "FILE_GENERIC_READ|FILE_GENERIC_EXECUTE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll.Config"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17084
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\uxtheme.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17085
          },
          {
            "timestamp": "2026-06-28 21:56:20,417",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "__notification__",
            "api": "sysenter",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadIdentifier",
                "value": "2784"
              },
              {
                "name": "Module",
                "value": "KERNEL32.dll"
              },
              {
                "name": "Return Address",
                "value": "0x751524ac"
              }
            ],
            "repeated": 0,
            "id": 17086
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17087
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008",
                "pretty_value": "KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\AssemblyStorageRoots"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\AssemblyStorageRoots"
              }
            ],
            "repeated": 0,
            "id": 17088
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.Local\\"
              }
            ],
            "repeated": 0,
            "id": 17089
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100020",
                "pretty_value": "FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984"
              },
              {
                "name": "ShareAccess",
                "value": "3",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE"
              }
            ],
            "repeated": 0,
            "id": 17090
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              }
            ],
            "repeated": 0,
            "id": 17091
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17092
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "HIMAGELIST_QueryInterface"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7273ee70"
              }
            ],
            "repeated": 0,
            "id": 17093
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawShadowText"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727a8500"
              }
            ],
            "repeated": 0,
            "id": 17094
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawSizeBox"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x72756db0"
              }
            ],
            "repeated": 0,
            "id": 17095
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "DrawScrollBar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x72757780"
              }
            ],
            "repeated": 0,
            "id": 17096
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "SizeBoxHwnd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7275a240"
              }
            ],
            "repeated": 0,
            "id": 17097
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "ScrollBar_MouseMove"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727a0df0"
              }
            ],
            "repeated": 0,
            "id": 17098
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "ScrollBar_Menu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727a0c30"
              }
            ],
            "repeated": 0,
            "id": 17099
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "HandleScrollCmd"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727a0ba0"
              }
            ],
            "repeated": 0,
            "id": 17100
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "DetachScrollBars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x72756f40"
              }
            ],
            "repeated": 0,
            "id": 17101
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "AttachScrollBars"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x72756f20"
              }
            ],
            "repeated": 0,
            "id": 17102
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "CCSetScrollInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x72758190"
              }
            ],
            "repeated": 0,
            "id": 17103
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "CCGetScrollInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7275c220"
              }
            ],
            "repeated": 0,
            "id": 17104
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "CCEnableScrollBar"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727155e0"
              }
            ],
            "repeated": 0,
            "id": 17105
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "QuerySystemGestureStatus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727a0be0"
              }
            ],
            "repeated": 0,
            "id": 17106
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 1,
            "id": 17107
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ole32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x754f0000"
              }
            ],
            "repeated": 0,
            "id": 17108
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "OleInitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75513a30"
              }
            ],
            "repeated": 0,
            "id": 17109
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "OleUninitialize"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x755174f0"
              }
            ],
            "repeated": 0,
            "id": 17110
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterDragDrop"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75513b70"
              }
            ],
            "repeated": 0,
            "id": 17111
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleEndPointID"
              },
              {
                "name": "Atom",
                "value": "0x0000c044"
              }
            ],
            "repeated": 0,
            "id": 17112
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17113
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Ole\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 17114
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ValueName",
                "value": "DragDropExtension"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension"
              }
            ],
            "repeated": 0,
            "id": 17115
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9FC8E510-A27C-4B3B-B9A3-BF65F00256A8"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "043250DB-3B6A-4141-8F21-AA2ED2BE3355"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17116
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17117
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:703fa"
              }
            ],
            "repeated": 0,
            "id": 17118
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17119
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x18\\x98\\x9c\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17120
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e8"
              }
            ],
            "repeated": 0,
            "id": 17121
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:703fa"
              }
            ],
            "repeated": 0,
            "id": 17122
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:703fa"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17123
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d41c"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17124
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17125
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72060000"
              }
            ],
            "repeated": 0,
            "id": 17126
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 17127
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "`\\xe0\\x9c\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17128
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 17129
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:703fa"
              }
            ],
            "repeated": 0,
            "id": 17130
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d444"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17131
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17132
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006e0"
              }
            ],
            "repeated": 0,
            "id": 17133
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006e0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:703fa"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17134
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d46c"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17135
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17136
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x0001010a",
            "arguments": [
              {
                "name": "ClassName",
                "value": "ApplicationManager_DesktopShellWindow"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17137
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "{DADEF92C-227E-46C0-93C0-9FFFA4DC07D9}"
              },
              {
                "name": "Atom",
                "value": "0x0000c01f"
              }
            ],
            "repeated": 0,
            "id": 17138
          },
          {
            "timestamp": "2026-06-28 21:56:20,432",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0001010a"
              },
              {
                "name": "Message",
                "value": "0x0000c0c3"
              }
            ],
            "repeated": 0,
            "id": 17139
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c56340b",
            "parentcaller": "0x0c563348",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17140
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c56340b",
            "parentcaller": "0x0c563348",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57de0"
              }
            ],
            "repeated": 0,
            "id": 17141
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c564547",
            "parentcaller": "0x0c562e92",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b257000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17142
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c564430",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17143
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c564430",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57de0"
              }
            ],
            "repeated": 0,
            "id": 17144
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c5644a4",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17145
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c5644a4",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 17146
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c5644a4",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "shell32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x76320000"
              }
            ],
            "repeated": 0,
            "id": 17147
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c5644a4",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x76320000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "shell32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 17148
          },
          {
            "timestamp": "2026-06-28 21:56:20,448",
            "thread_id": "2784",
            "caller": "0x0c5644a4",
            "parentcaller": "0x0c562e92",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHELL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76320000"
              },
              {
                "name": "FunctionName",
                "value": "DragAcceptFiles"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7648ce70"
              }
            ],
            "repeated": 0,
            "id": 17149
          },
          {
            "timestamp": "2026-06-28 21:56:20,464",
            "thread_id": "2784",
            "caller": "0x0c564b41",
            "parentcaller": "0x0c564a56",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17150
          },
          {
            "timestamp": "2026-06-28 21:56:20,464",
            "thread_id": "2784",
            "caller": "0x0c564b41",
            "parentcaller": "0x0c564a56",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57de0"
              }
            ],
            "repeated": 0,
            "id": 17151
          },
          {
            "timestamp": "2026-06-28 21:56:20,464",
            "thread_id": "2784",
            "caller": "0x0c565d64",
            "parentcaller": "0x0c565b87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetForegroundWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62d30"
              }
            ],
            "repeated": 0,
            "id": 17152
          },
          {
            "timestamp": "2026-06-28 21:56:20,479",
            "thread_id": "2784",
            "caller": "0x0c565ef6",
            "parentcaller": "0x0c565e4e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ole32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x754f0000"
              },
              {
                "name": "FunctionName",
                "value": "CoRegisterMessageFilter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7551dc80"
              }
            ],
            "repeated": 0,
            "id": 17153
          },
          {
            "timestamp": "2026-06-28 21:56:20,479",
            "thread_id": "2784",
            "caller": "0x0c566372",
            "parentcaller": "0x0c565df2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b258000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17154
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c567215",
            "parentcaller": "0x0c56713a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b259000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17155
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c567327",
            "parentcaller": "0x0c567215",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetFocus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d61220"
              }
            ],
            "repeated": 0,
            "id": 17156
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetFocus"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64a20"
              }
            ],
            "repeated": 0,
            "id": 17157
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 17158
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 17159
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 17160
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17161
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 17162
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17163
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17164
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17165
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x760cd000"
              },
              {
                "name": "ModuleName",
                "value": "IMM32.DLL"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17166
          },
          {
            "timestamp": "2026-06-28 21:56:20,495",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 17167
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 17168
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49245"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17169
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "ChangeWindowMessageFilter",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "message",
                "value": "49246"
              },
              {
                "name": "dwFlag",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17170
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 17171
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006dc"
              }
            ],
            "repeated": 1,
            "id": 17172
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 17173
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.Asm.MutexDefault2"
              }
            ],
            "repeated": 0,
            "id": 17174
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17175
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              },
              {
                "name": "Milliseconds",
                "value": "2000"
              }
            ],
            "repeated": 0,
            "id": 17176
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "Local\\CTF.AsmListCache.FMPDefault2"
              }
            ],
            "repeated": 0,
            "id": 17177
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d3cc"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17178
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c570000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17179
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006d8"
              }
            ],
            "repeated": 0,
            "id": 17180
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 1,
            "id": 17181
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17182
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\HTMLive.exe"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 17183
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 17184
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "8192"
              }
            ],
            "repeated": 0,
            "id": 17185
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              },
              {
                "name": "MutexName",
                "value": "CicLoadWinStaWinSta0"
              }
            ],
            "repeated": 0,
            "id": 17186
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 17187
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtOpenMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              },
              {
                "name": "MutexName",
                "value": "Local\\MSCTF.CtfMonitorInstMutexDefault2"
              }
            ],
            "repeated": 0,
            "id": 17188
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 17189
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17190
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 17191
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 17192
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 17193
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17194
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17195
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 17196
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17197
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE"
              }
            ],
            "repeated": 0,
            "id": 17198
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000006f0"
              },
              {
                "name": "ValueName",
                "value": "LaunchUserOOBE"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE"
              }
            ],
            "repeated": 0,
            "id": 17199
          },
          {
            "timestamp": "2026-06-28 21:56:20,510",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f0"
              }
            ],
            "repeated": 0,
            "id": 17200
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 17201
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 17202
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 17203
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 17204
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 17205
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 17206
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 17207
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f4"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17208
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f4"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 17209
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17210
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17211
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17212
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f4"
              }
            ],
            "repeated": 1,
            "id": 17213
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 17214
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 17215
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 17216
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 17217
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17218
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"
              }
            ],
            "repeated": 0,
            "id": 17219
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x707a0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000b9000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17220
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17221
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17222
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17223
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084c000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17224
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 17225
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 17226
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006fc"
              }
            ],
            "repeated": 0,
            "id": 17227
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17228
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 17229
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17230
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 17231
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70520000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0027e000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17232
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7073a000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17233
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17234
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17235
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7068d000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17236
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 17237
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 17238
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "wintypes.dll"
              }
            ],
            "repeated": 2,
            "id": 17239
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006fc"
              }
            ],
            "repeated": 0,
            "id": 17240
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17241
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 17242
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17243
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 17244
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70480000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0009b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17245
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17246
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17247
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17248
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x704e6000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17249
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006fc"
              }
            ],
            "repeated": 0,
            "id": 17250
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17251
          },
          {
            "timestamp": "2026-06-28 21:56:20,526",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 17252
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17253
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 17254
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70450000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00029000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17255
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70475000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17256
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17257
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17258
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70473000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17259
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006fc"
              }
            ],
            "repeated": 0,
            "id": 17260
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17261
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 17262
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 0,
            "id": 17263
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17264
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\WinTypes.dll"
              }
            ],
            "repeated": 0,
            "id": 17265
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006fc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70370000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x000db000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17266
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70432000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17267
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17268
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17269
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70430000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17270
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006fc"
              }
            ],
            "repeated": 0,
            "id": 17271
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17272
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              }
            ],
            "repeated": 1,
            "id": 17273
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084c000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17274
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x704e6000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17275
          },
          {
            "timestamp": "2026-06-28 21:56:20,542",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70473000"
              },
              {
                "name": "ModuleName",
                "value": "ntmarta.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17276
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70430000"
              },
              {
                "name": "ModuleName",
                "value": "wintypes.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17277
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7068d000"
              },
              {
                "name": "ModuleName",
                "value": "CoreUIComponents.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17278
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x18\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\xf8\\xe39\\x01\\xe0\n\\x00\\x00\\x02\\x00\\x00\\x00\\x88\\xe39\\x01\\xd8\t\\x00\\x00\\x02\\x00\\x00\\x00\\xa8\\xe29\\x01\\xf8\\x08\\x00\\x00\\x02\\x00\\x00\\x00\\x18\\xe39\\x01d\\x02\\x00\\x00\\x02\\x00\\x00\\x00\\x08\\xd99\\x01@\\x0c\\x00\\x00\\x02\\x00\\x00\\x00\\x88\\xdc9\\x01\\xdc\r\\x00\\x00\\x02\\x00\\x00\\x00x\\xe09\\x01\\xb8\\x0e\\x00\\x00\\x02\\x00\\x00\\x00h\\xd69\\x01L\\x08\\x00\\x00\\x02\\x00\\x00\\x00\\x98\\xd89\\x01D\\x0c\\x00\\x00\\x02\\x00\\x00\\x00x\\xd99\\x01\\xa0\\x03\\x00\\x00\\x02\\x00\\x00\\x00\\xe8\\xd99\\x01<\\x10\\x00\\x00\\x02\\x00\\x00\\x00\\x18\\xdc9\\x01\\x90\r\\x00\\x00\\x02\\x00\\x00\\x00h\\xdd9\\x01p\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\xe8\\xe09\\x01t\\x05\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17279
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17280
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17281
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17282
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta.dll"
              }
            ],
            "repeated": 0,
            "id": 17283
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\ntmarta.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17284
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17285
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\ntmarta"
              },
              {
                "name": "DllBase",
                "value": "0x70450000"
              }
            ],
            "repeated": 0,
            "id": 17286
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17287
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17288
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17289
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              }
            ],
            "repeated": 0,
            "id": 17290
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreMessaging.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17291
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17292
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreMessaging"
              },
              {
                "name": "DllBase",
                "value": "0x70480000"
              }
            ],
            "repeated": 0,
            "id": 17293
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17294
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17295
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17296
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes.dll"
              }
            ],
            "repeated": 0,
            "id": 17297
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\WinTypes.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17298
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006f8"
              }
            ],
            "repeated": 0,
            "id": 17299
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\wintypes"
              },
              {
                "name": "DllBase",
                "value": "0x70370000"
              }
            ],
            "repeated": 0,
            "id": 17300
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17301
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17302
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17303
          },
          {
            "timestamp": "2026-06-28 21:56:20,557",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              }
            ],
            "repeated": 0,
            "id": 17304
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\CoreUIComponents.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17305
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 17306
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\CoreUIComponents"
              },
              {
                "name": "DllBase",
                "value": "0x70520000"
              }
            ],
            "repeated": 0,
            "id": 17307
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17308
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17309
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17310
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework.dll"
              }
            ],
            "repeated": 0,
            "id": 17311
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000006ec"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\textinputframework.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17312
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006ec"
              }
            ],
            "repeated": 0,
            "id": 17313
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\textinputframework"
              },
              {
                "name": "DllBase",
                "value": "0x707a0000"
              }
            ],
            "repeated": 0,
            "id": 17314
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\ntmarta"
              },
              {
                "name": "BaseAddress",
                "value": "0x70450000"
              },
              {
                "name": "InitRoutine",
                "value": "0x70457e90"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17315
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\CoreMessaging"
              },
              {
                "name": "BaseAddress",
                "value": "0x70480000"
              },
              {
                "name": "InitRoutine",
                "value": "0x704e0f00"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17316
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\WinTypes"
              },
              {
                "name": "BaseAddress",
                "value": "0x70370000"
              },
              {
                "name": "InitRoutine",
                "value": "0x703e8590"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17317
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\CoreUIComponents"
              },
              {
                "name": "BaseAddress",
                "value": "0x70520000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7057e960"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17318
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\TextInputFramework"
              },
              {
                "name": "BaseAddress",
                "value": "0x707a0000"
              },
              {
                "name": "InitRoutine",
                "value": "0x707e0690"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17319
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17320
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17321
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17322
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\"
              }
            ],
            "repeated": 0,
            "id": 17323
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "ValueName",
                "value": "EnableAnchorContext"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext"
              }
            ],
            "repeated": 0,
            "id": 17324
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 17325
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 17326
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "USER32"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 17327
          },
          {
            "timestamp": "2026-06-28 21:56:20,573",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SystemResources\\USER32.dll.mun"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 1,
            "id": 17328
          },
          {
            "timestamp": "2026-06-28 21:56:20,589",
            "thread_id": "2784",
            "caller": "0x0c568411",
            "parentcaller": "0x0c568338",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetKeyboardLayout"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d61a30"
              }
            ],
            "repeated": 0,
            "id": 17329
          },
          {
            "timestamp": "2026-06-28 21:56:20,589",
            "thread_id": "2784",
            "caller": "0x0c568544",
            "parentcaller": "0x0c568411",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 17330
          },
          {
            "timestamp": "2026-06-28 21:56:20,589",
            "thread_id": "2784",
            "caller": "0x07f38164",
            "parentcaller": "0x0c567327",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsChild"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5a6c0"
              }
            ],
            "repeated": 0,
            "id": 17331
          },
          {
            "timestamp": "2026-06-28 21:56:20,589",
            "thread_id": "2784",
            "caller": "0x093847dc",
            "parentcaller": "0x093846b9",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 3,
            "id": 17332
          },
          {
            "timestamp": "2026-06-28 21:56:20,604",
            "thread_id": "2784",
            "caller": "0x0c569f99",
            "parentcaller": "0x0c569beb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17333
          },
          {
            "timestamp": "2026-06-28 21:56:20,604",
            "thread_id": "2784",
            "caller": "0x0c569f99",
            "parentcaller": "0x0c569beb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57d30"
              }
            ],
            "repeated": 0,
            "id": 17334
          },
          {
            "timestamp": "2026-06-28 21:56:20,604",
            "thread_id": "2784",
            "caller": "0x0c56a877",
            "parentcaller": "0x0c569f99",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x000e038c"
              },
              {
                "name": "Message",
                "value": "0x0000c1f5"
              }
            ],
            "repeated": 0,
            "id": 17335
          },
          {
            "timestamp": "2026-06-28 21:56:20,620",
            "thread_id": "2784",
            "caller": "0x0c56abfd",
            "parentcaller": "0x08b8a16d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateFromHWND"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73508fb0"
              }
            ],
            "repeated": 0,
            "id": 17336
          },
          {
            "timestamp": "2026-06-28 21:56:20,620",
            "thread_id": "2784",
            "caller": "0x0c56ad16",
            "parentcaller": "0x08b8a215",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateSolidFill"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7350a810"
              }
            ],
            "repeated": 0,
            "id": 17337
          },
          {
            "timestamp": "2026-06-28 21:56:20,620",
            "thread_id": "2784",
            "caller": "0x0c56afd3",
            "parentcaller": "0x0c56ad5e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056d2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17338
          },
          {
            "timestamp": "2026-06-28 21:56:20,620",
            "thread_id": "2784",
            "caller": "0x0c56b059",
            "parentcaller": "0x0c56b00c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipFillRectangleI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e6120"
              }
            ],
            "repeated": 0,
            "id": 17339
          },
          {
            "timestamp": "2026-06-28 21:56:20,635",
            "thread_id": "2784",
            "caller": "0x0c56b307",
            "parentcaller": "0x0c56b274",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeleteBrush"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734ebf20"
              }
            ],
            "repeated": 0,
            "id": 17340
          },
          {
            "timestamp": "2026-06-28 21:56:20,682",
            "thread_id": "2784",
            "caller": "0x0c56bfd4",
            "parentcaller": "0x0c56bef3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "EnumDisplayMonitors"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63d00"
              }
            ],
            "repeated": 0,
            "id": 17341
          },
          {
            "timestamp": "2026-06-28 21:56:20,682",
            "thread_id": "2784",
            "caller": "0x0c56c2d4",
            "parentcaller": "0x0c56bd3f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetNearestColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501b0c0"
              }
            ],
            "repeated": 0,
            "id": 17342
          },
          {
            "timestamp": "2026-06-28 21:56:20,682",
            "thread_id": "2784",
            "caller": "0x0c56ca31",
            "parentcaller": "0x0c56ca0b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateSolidBrush"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75017470"
              }
            ],
            "repeated": 0,
            "id": 17343
          },
          {
            "timestamp": "2026-06-28 21:56:20,682",
            "thread_id": "2784",
            "caller": "0x0c56c958",
            "parentcaller": "0x0c56c8dc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "FillRect"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45330"
              }
            ],
            "repeated": 0,
            "id": 17344
          },
          {
            "timestamp": "2026-06-28 21:56:20,682",
            "thread_id": "2784",
            "caller": "0x0c56cca8",
            "parentcaller": "0x0c56cc5f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750158a0"
              }
            ],
            "repeated": 0,
            "id": 17345
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d452",
            "parentcaller": "0x0b23f0a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c545000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17346
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d452",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17347
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d452",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "PeekMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5dc90"
              }
            ],
            "repeated": 0,
            "id": 17348
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d4bd",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsWindowUnicode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d58360"
              }
            ],
            "repeated": 0,
            "id": 17349
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d4df",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5dc20"
              }
            ],
            "repeated": 0,
            "id": 17350
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d58b",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "TranslateMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5ca60"
              }
            ],
            "repeated": 0,
            "id": 17351
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56d597",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DispatchMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57f50"
              }
            ],
            "repeated": 0,
            "id": 17352
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_MSHTML_AUTOLOAD_IEFRAME"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME"
              }
            ],
            "repeated": 0,
            "id": 17353
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 17354
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000072c"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\*"
              }
            ],
            "repeated": 0,
            "id": 17355
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000072c"
              }
            ],
            "repeated": 0,
            "id": 17356
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x70b10000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "mshtml.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000060"
              }
            ],
            "repeated": 0,
            "id": 17357
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US"
              }
            ],
            "repeated": 0,
            "id": 17358
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\en-US\\mshtml.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17359
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000072c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100001",
                "pretty_value": "FILE_READ_ACCESS|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\mshtml.dll.mui"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17360
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000730"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x0000072c"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\sysnative\\en-US\\mshtml.dll.mui"
              }
            ],
            "repeated": 0,
            "id": 17361
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000730"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c7e0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d908"
              },
              {
                "name": "ViewSize",
                "value": "0x00046000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17362
          },
          {
            "timestamp": "2026-06-28 21:56:20,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000730"
              }
            ],
            "repeated": 0,
            "id": 17363
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "1396",
            "caller": "0x75b94155",
            "parentcaller": "0x75b944d3",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 17364
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "1396",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b940c6",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              },
              {
                "name": "Milliseconds",
                "value": "4000"
              }
            ],
            "repeated": 0,
            "id": 17365
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "1396",
            "caller": "0x75b94290",
            "parentcaller": "0x75b94270",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000290"
              }
            ],
            "repeated": 0,
            "id": 17366
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17367
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3"
              }
            ],
            "repeated": 0,
            "id": 17368
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "ValueName",
                "value": "1400"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\1400"
              }
            ],
            "repeated": 0,
            "id": 17369
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 17370
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEFontSize"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize"
              }
            ],
            "repeated": 0,
            "id": 17371
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEFontSizePrivate"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSizePrivate"
              }
            ],
            "repeated": 0,
            "id": 17372
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEPropFontName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Times New Roman"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName"
              }
            ],
            "repeated": 0,
            "id": 17373
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEFixedFontName"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Courier New"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName"
              }
            ],
            "repeated": 0,
            "id": 17374
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IESerifFontName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESerifFontName"
              }
            ],
            "repeated": 0,
            "id": 17375
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IESansSerifFontName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESansSerifFontName"
              }
            ],
            "repeated": 0,
            "id": 17376
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000680"
              },
              {
                "name": "ValueName",
                "value": "IEUIFontName"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEUIFontName"
              }
            ],
            "repeated": 0,
            "id": 17377
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17378
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "msIso.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71f40000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "198"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71f68b60"
              }
            ],
            "repeated": 0,
            "id": 17379
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17380
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17381
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              }
            ],
            "repeated": 0,
            "id": 17382
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "ValueName",
                "value": "WarnOnIntranet"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet"
              }
            ],
            "repeated": 0,
            "id": 17383
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 17384
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17385
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              }
            ],
            "repeated": 0,
            "id": 17386
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "ValueName",
                "value": "WarnOnIntranet"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet"
              }
            ],
            "repeated": 0,
            "id": 17387
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 17388
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17389
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              }
            ],
            "repeated": 0,
            "id": 17390
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "ValueName",
                "value": "WarnOnIntranet"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet"
              }
            ],
            "repeated": 0,
            "id": 17391
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 17392
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17393
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\"
              }
            ],
            "repeated": 0,
            "id": 17394
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000728"
              },
              {
                "name": "ValueName",
                "value": "WarnOnIntranet"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet"
              }
            ],
            "repeated": 0,
            "id": 17395
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000728"
              }
            ],
            "repeated": 0,
            "id": 17396
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17397
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 17398
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17399
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 17400
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17401
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000730"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\"
              }
            ],
            "repeated": 0,
            "id": 17402
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000730"
              },
              {
                "name": "ValueName",
                "value": "AutoDetect"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "0"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect"
              }
            ],
            "repeated": 0,
            "id": 17403
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000730"
              }
            ],
            "repeated": 0,
            "id": 17404
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ieframe.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c60000"
              }
            ],
            "repeated": 0,
            "id": 17405
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x72c60000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ieframe.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17406
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72c60000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "159"
              },
              {
                "name": "FunctionAddress",
                "value": "0x72d0eb90"
              }
            ],
            "repeated": 0,
            "id": 17407
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17408
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "SHCORE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x755e0000"
              },
              {
                "name": "FunctionName",
                "value": "SHGetValueW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x755f8710"
              }
            ],
            "repeated": 0,
            "id": 17409
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17410
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17411
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions"
              }
            ],
            "repeated": 0,
            "id": 17412
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17413
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions"
              }
            ],
            "repeated": 0,
            "id": 17414
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 17415
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 17416
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 17417
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 17418
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 17419
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 17420
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 17421
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000730"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17422
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000730"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 17423
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17424
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17425
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17426
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000730"
              }
            ],
            "repeated": 1,
            "id": 17427
          },
          {
            "timestamp": "2026-06-28 21:56:20,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\system32\\msimtf"
              },
              {
                "name": "DllBase",
                "value": "0x70360000"
              }
            ],
            "repeated": 0,
            "id": 17428
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msimtf.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70360000"
              }
            ],
            "repeated": 0,
            "id": 17429
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "50D5107A-D278-4871-8989-F4CEAAF59CFC"
              },
              {
                "name": "ClsContext",
                "value": "0x00000401",
                "pretty_value": "CLSCTX_INPROC_SERVER|CLSCTX_NO_CODE_DOWNLOAD"
              },
              {
                "name": "riid",
                "value": "08C0E040-62D1-11D1-9326-0060B067B86E"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17430
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "ext-ms-win-ntuser-touch-hittest-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 17431
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75d20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "ext-ms-win-ntuser-touch-hittest-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17432
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterTouchHitTestingWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64800"
              }
            ],
            "repeated": 0,
            "id": 17433
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17434
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17435
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "d2d1.dll"
              }
            ],
            "repeated": 0,
            "id": 17436
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d2d1.dll"
              }
            ],
            "repeated": 0,
            "id": 17437
          },
          {
            "timestamp": "2026-06-28 21:56:20,760",
            "thread_id": "2784",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e32b",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d2d1.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17438
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e32b",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000073c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000738"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\d2d1.dll"
              }
            ],
            "repeated": 0,
            "id": 17439
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000073c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe40000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x00515000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17440
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17441
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17442
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17443
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031a000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17444
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 17445
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e32b",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000738"
              }
            ],
            "repeated": 0,
            "id": 17446
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031a000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17447
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f50eba",
            "parentcaller": "0x76f50d02",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\r\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00 \\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00%\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00.\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00=\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00F\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00O\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00i\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00m\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00p\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x81\\xb21\\x01"
              }
            ],
            "repeated": 0,
            "id": 17448
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17449
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17450
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17451
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d9691",
            "parentcaller": "0x745d8a62",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\d2d1.dll"
              }
            ],
            "repeated": 0,
            "id": 17452
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d96d0",
            "parentcaller": "0x745d8a62",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000738"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d2d1.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17453
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000738"
              }
            ],
            "repeated": 0,
            "id": 17454
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\d2d1"
              },
              {
                "name": "DllBase",
                "value": "0x6fe40000"
              }
            ],
            "repeated": 0,
            "id": 17455
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x7013d812",
            "parentcaller": "0x74e26498",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 17456
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17457
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct2D"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct2D"
              }
            ],
            "repeated": 0,
            "id": 17458
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17459
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D\\Direct2D"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Direct3D\\Direct2D"
              }
            ],
            "repeated": 0,
            "id": 17460
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\d2d1"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe40000"
              },
              {
                "name": "InitRoutine",
                "value": "0x70152d70"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17461
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17462
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17463
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70ec0e50"
              }
            ],
            "repeated": 0,
            "id": 17464
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17465
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17466
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17467
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17468
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17469
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f4cbfb"
              }
            ],
            "repeated": 0,
            "id": 17470
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17471
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 17472
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17473
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17474
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a26000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17475
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000073c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17476
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b9f14d",
            "parentcaller": "0x7220ec72",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000073c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x02\\x00\\x00\\x00\\x00\\x00\\x00N\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17477
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x7220ec87",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 17478
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17479
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Direct3D"
              }
            ],
            "repeated": 0,
            "id": 17480
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17481
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D"
              }
            ],
            "repeated": 0,
            "id": 17482
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b82fbb",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17483
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17484
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D\\Drivers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D\\Drivers"
              }
            ],
            "repeated": 0,
            "id": 17485
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "Size"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Size"
              }
            ],
            "repeated": 0,
            "id": 17486
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Name"
              }
            ],
            "repeated": 0,
            "id": 17487
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x7220eb4f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17488
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b82fbb",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17489
          },
          {
            "timestamp": "2026-06-28 21:56:20,776",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17490
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList"
              }
            ],
            "repeated": 0,
            "id": 17491
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "Size"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Size"
              }
            ],
            "repeated": 0,
            "id": 17492
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Name"
              }
            ],
            "repeated": 0,
            "id": 17493
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x7220eb4f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17494
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b82fbb",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000073c"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 17495
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x7220e9ee",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 0,
            "id": 17496
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9db61",
            "parentcaller": "0x7221afd4",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17497
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221afe2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetSharedResourceAdapterLuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2f90"
              }
            ],
            "repeated": 0,
            "id": 17498
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aff8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetStereoEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3490"
              }
            ],
            "repeated": 0,
            "id": 17499
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x722324d6",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 17500
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72226c81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 17501
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7220ad37",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 17502
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7220caca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 17503
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x722266e1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 17504
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72226c2e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 17505
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7220a04e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 17506
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b8fb07",
            "parentcaller": "0x7220b0da",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17507
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x7220b484",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 17508
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17509
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17510
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x7220cc5e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17511
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b94290",
            "parentcaller": "0x7220cc2e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000073c"
              }
            ],
            "repeated": 1,
            "id": 17512
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9db61",
            "parentcaller": "0x7220eed3",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "csrsrv.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17513
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "resourcepolicyclient.dll"
              }
            ],
            "repeated": 0,
            "id": 17514
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\resourcepolicyclient.dll"
              }
            ],
            "repeated": 0,
            "id": 17515
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e155",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\resourcepolicyclient.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17516
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e155",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000740"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000734"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\ResourcePolicyClient.dll"
              }
            ],
            "repeated": 0,
            "id": 17517
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000740"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe30000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0000f000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17518
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe3c000"
              },
              {
                "name": "ModuleName",
                "value": "resourcepolicyclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17519
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17520
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17521
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe3b000"
              },
              {
                "name": "ModuleName",
                "value": "resourcepolicyclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17522
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe3b000"
              },
              {
                "name": "ModuleName",
                "value": "resourcepolicyclient.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17523
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e155",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000740"
              }
            ],
            "repeated": 0,
            "id": 17524
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e155",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17525
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17526
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17527
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17528
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d9691",
            "parentcaller": "0x745d8a62",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\resourcepolicyclient.dll"
              }
            ],
            "repeated": 0,
            "id": 17529
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d96d0",
            "parentcaller": "0x745d8a62",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\resourcepolicyclient.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17530
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17531
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\resourcepolicyclient"
              },
              {
                "name": "DllBase",
                "value": "0x6fe30000"
              }
            ],
            "repeated": 0,
            "id": 17532
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f4dd42",
            "parentcaller": "0x76f51843",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\ResourcePolicyClient"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe30000"
              },
              {
                "name": "InitRoutine",
                "value": "0x6fe342f0"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17533
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7220ef08",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "resourcepolicyclient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6fe30000"
              },
              {
                "name": "FunctionName",
                "value": "CreateGameConfigStoreClient"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6fe33d10"
              }
            ],
            "repeated": 0,
            "id": 17534
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75a10787",
            "parentcaller": "0x75a103e7",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "0x80000000"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\MACHINE\\Software\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface"
              }
            ],
            "repeated": 0,
            "id": 17535
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75a107b9",
            "parentcaller": "0x75a103e7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "SecurityDescriptor"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\\SecurityDescriptor"
              }
            ],
            "repeated": 0,
            "id": 17536
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75a10800",
            "parentcaller": "0x75a103e7",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "SecurityDescriptor"
              },
              {
                "name": "Type",
                "value": "3",
                "pretty_value": "REG_BINARY"
              },
              {
                "name": "Information",
                "value": "\\x01\\x00\\x04\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\xf4\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\xff\\xff\\x1f\\x11\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x0b\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\xff\\xff\\x1f\\x11\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\xff\\xff\\x1f\\x11\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x10\\x01\t\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x10\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\\SecurityDescriptor"
              }
            ],
            "repeated": 0,
            "id": 17537
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75a10824",
            "parentcaller": "0x75a103e7",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17538
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17539
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x753bcc42",
            "parentcaller": "0x753c95be",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 17540
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 17541
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17542
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "|m\\x9c\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00f\\x00t\\x00\\\\x00D\\x00i\\x00r\\x00e\\x00c\\x00t\\x003\\x00D\\x00\\\\x00D\\x00r\\x00i\\x00v\\x00e\\x00r\\x00s\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17543
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "(\\x03\\xa0\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 17544
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17545
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "d\\x18\\x9e\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17546
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17547
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "$ 3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 17548
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00  3\\x01\\x00\\x00#\\x00\\xc4\\xa0\\xb8\\xa0H\\x07\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0H\\x07\\x00\\x00\\x0c\\xa1\\xf3\\x00\\x83\\x91\\xf5vH\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17549
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t\\x8b\\xf4@v\\xb4\\x9b\\xf3\\x00H\\x07\\x00\\x00@\\xa7\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xc4\\xa0\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 17550
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17551
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "\\xecu\\x9c\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00d\\x002\\x00d\\x001\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17552
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x00\\xa0\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 17553
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17554
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14\\x18\\x9e\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17555
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17556
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a28000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17557
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "ty\\xa2\\x08\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 17558
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00py\\xa2\\x08\\x00\\x00#\\x00\\xac\\x9e\\xa0\\x9eH\\x07\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc0H\\x07\\x00\\x00\\xf4\\x9e\\xf3\\x00\\x83\\x91\\xf5vH\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17559
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t\\xa3\\xca@v\\x9c\\x99\\xf3\\x00H\\x07\\x00\\x00@\\xa7\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\xac\\x9e\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 17560
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17561
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 17562
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17563
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x753bcc42",
            "parentcaller": "0x753c442d",
            "category": "filesystem",
            "api": "NtOpenDirectoryObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryHandle",
                "value": "0x00000748"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020001",
                "pretty_value": "FILE_READ_ACCESS|READ_CONTROL"
              },
              {
                "name": "ObjectAttributes",
                "value": "C:\\RPC Control"
              }
            ],
            "repeated": 0,
            "id": 17564
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b92644",
            "parentcaller": "0x753bccd3",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17565
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f59426",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17566
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "|m\\x9c\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00f\\x00t\\x00\\\\x00D\\x00i\\x00r\\x00e\\x00c\\x00t\\x003\\x00D\\x00\\\\x00D\\x00r\\x00i\\x00v\\x00e\\x00r\\x00s\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17567
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": " \\x02\\xa0\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00-\\x00c\\x00o\\x00r\\x00e\\x00-\\x00w\\x00i\\x00n\\x003\\x002\\x00k\\x00-\\x00m\\x00i\\x00n\\x00u\\x00s\\x00e\\x00r\\x00-\\x00l\\x001\\x00-\\x001\\x00-\\x000\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17568
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17569
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\x14\\x18\\x9e\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17570
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17571
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "$ 3\\x01\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 17572
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00  3\\x01\\x00\\x00#\\x00\\x94\\x9f\\x88\\x9f4\\x07\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc04\\x07\\x00\\x00\\xdc\\x9f\\xf3\\x00\\x83\\x91\\xf5v4\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17573
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t\\xbb\\xcb@v\\x84\\x9a\\xf3\\x004\\x07\\x00\\x00@\\xa7\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff\\x94\\x9f\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 17574
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f569f0",
            "parentcaller": "0x76f57121",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17575
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59094",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "4"
              },
              {
                "name": "TokenInformation",
                "value": "|r\\x9c\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00y\\x00s\\x00t\\x00e\\x00m\\x003\\x002\\x00\\\\x00d\\x002\\x00d\\x001\\x00.\\x00d\\x00l\\x00l\\x00\\x00\\x00l\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17576
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590d3",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "h\\x00\\xa0\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00r\\x00s\\x00\\\\x00R\\x00a\\x00j\\x00e\\x00s\\x00h\\x00\\\\x00A\\x00p\\x00p\\x00D\\x00a\\x00t\\x00a\\x00\\\\x00L\\x00o\\x00c\\x00a\\x00l\\x00\\\\x00T\\x00e\\x00m\\x00p\\x00"
              }
            ],
            "repeated": 0,
            "id": 17577
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f590f0",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17578
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5912f",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "5"
              },
              {
                "name": "TokenInformation",
                "value": "\\xc4\\x17\\x9e\\x08\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\x01\\x02\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17579
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59148",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17580
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59183",
            "parentcaller": "0x76f56a95",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "6"
              },
              {
                "name": "TokenInformation",
                "value": "\\xfc\\x81\\xa2\\x08\\x02\\x00\\\\x00\\x03\\x00\\x00\\x00\\x00\\x00$\\x00\\x00\\x00\\x00\\x10\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x1c\\x00\\x00\\x00\\x00\\xa0\\x01\\x03\\x00\\x00\\x00\\x00\\x00\\x05\\x05\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02I\n\\x00"
              }
            ],
            "repeated": 0,
            "id": 17581
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f59210",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x82\\x86OtX\\xa3Ot\\x06\\x00\\x00\\x00D\\xa3Ot`\\x00\\x00\\x00\\xf8\\x81\\xa2\\x08\\x00\\x00#\\x00|\\x9dp\\x9d4\\x07\\x00\\x00\\x94\\xda\\x00\\x00\\x00\\x00+\\x01#\\x00\\x00\\xc04\\x07\\x00\\x00\\xc4\\x9d\\xf3\\x00\\x83\\x91\\xf5v4\\x07\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17582
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5923e",
            "parentcaller": "0x76f59193",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "41"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\xac\\xdfWt\\xfc\\x91\\x11\\x03\\x94\\xda\\x12\\x03#\\x00\\x00\\xc0\\xbc\\xa9-t\\xd3\\xc9@vl\\x98\\xf3\\x004\\x07\\x00\\x00@\\xa7\\xf3\\x00\\x10\\xf4Dt\\x7f\\xb3\\xe3\\x02\\xfe\\xff\\xff\\xff|\\x9d\\xf3\\x00v\\x1b1tH\\x00\\x00\\x00\\x8c}Ott\\xa3Ot"
              }
            ],
            "repeated": 0,
            "id": 17583
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f5957b",
            "parentcaller": "0x76f576cc",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xa0\\x9f\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x0c\\x00\\x00\\x00\\xf8\\x9f\\xf3\\x00D\\x88\\xf5vt\\xf63\\x01\\xe8\\x9f\\xf3\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00f\\x88\\xf5v\\x00\\x00\\x00\\x00\\x00\\x03\\xf3\\x00"
              }
            ],
            "repeated": 0,
            "id": 17584
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd23",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 17585
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x753bcd3c",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17586
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f679e9",
            "parentcaller": "0x753bdc27",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17587
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7220d33d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "resourcepolicyclient.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6fe30000"
              },
              {
                "name": "FunctionName",
                "value": "FreeGameConfigStoreClient"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6fe33cd0"
              }
            ],
            "repeated": 0,
            "id": 17588
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f4dd42",
            "parentcaller": "0x76f5a5ba",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "unload"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\resourcepolicyclient"
              },
              {
                "name": "DllBase",
                "value": "0x6fe30000"
              }
            ],
            "repeated": 0,
            "id": 17589
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17590
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17591
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f66858",
            "parentcaller": "0x75b8ef86",
            "category": "process",
            "api": "NtUnmapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              }
            ],
            "repeated": 0,
            "id": 17592
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17593
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 17594
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTEnumAdapters2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2dc0"
              }
            ],
            "repeated": 0,
            "id": 17595
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 17596
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 17597
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17598
          },
          {
            "timestamp": "2026-06-28 21:56:20,792",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17599
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17600
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17601
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17602
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\DirectX\\UserGpuPreferences"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\DirectX\\UserGpuPreferences"
              }
            ],
            "repeated": 0,
            "id": 17603
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000744"
              },
              {
                "name": "ValueName",
                "value": "DirectXUserGlobalSettings"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\DirectXUserGlobalSettings"
              }
            ],
            "repeated": 0,
            "id": 17604
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72225e1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000744"
              }
            ],
            "repeated": 0,
            "id": 17605
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17606
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72292000"
              },
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17607
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b924ba",
            "parentcaller": "0x75b92466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000023",
            "pretty_return": "BUFFER_TOO_SMALL",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17608
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b924f6",
            "parentcaller": "0x75b92466",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "39"
              },
              {
                "name": "TokenInformation",
                "value": "\\x01\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x14\\x86\\xa1\\x08 \\x00 \\x00,\\x86\\xa1\\x08\\x02\\x00\\x00\\x00A\\x00\\x00\\x00\\x02\\x00\\x00\\x00P\\x86\\xa1\\x08T\\x00S\\x00A\\x00:\\x00/\\x00/\\x00P\\x00r\\x00o\\x00c\\x00U\\x00n\\x00i\\x00q\\x00u\\x00e\\x00\\x00\\x00\\x00\\x00w\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xf4I\\x18\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17609
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17610
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\DirectX\\UserGpuPreferences"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\DirectX\\UserGpuPreferences"
              }
            ],
            "repeated": 0,
            "id": 17611
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000734"
              },
              {
                "name": "ValueName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 17612
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72225e1a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17613
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17614
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17615
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromGdiDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d760"
              }
            ],
            "repeated": 0,
            "id": 17616
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromDeviceName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3090"
              }
            ],
            "repeated": 0,
            "id": 17617
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDisplayModeList"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e90"
              }
            ],
            "repeated": 0,
            "id": 17618
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d950"
              }
            ],
            "repeated": 0,
            "id": 17619
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetDisplayMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33d0"
              }
            ],
            "repeated": 0,
            "id": 17620
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 17621
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetGammaRamp"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3400"
              }
            ],
            "repeated": 0,
            "id": 17622
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDeviceState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e80"
              }
            ],
            "repeated": 0,
            "id": 17623
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 17624
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3640"
              }
            ],
            "repeated": 0,
            "id": 17625
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d900"
              }
            ],
            "repeated": 0,
            "id": 17626
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2be0"
              }
            ],
            "repeated": 0,
            "id": 17627
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ce0"
              }
            ],
            "repeated": 0,
            "id": 17628
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckVidPnExclusiveOwnership"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b70"
              }
            ],
            "repeated": 0,
            "id": 17629
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckMonitorPowerState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b10"
              }
            ],
            "repeated": 0,
            "id": 17630
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckSharedResourceAccess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b60"
              }
            ],
            "repeated": 0,
            "id": 17631
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c40"
              }
            ],
            "repeated": 0,
            "id": 17632
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d30"
              }
            ],
            "repeated": 0,
            "id": 17633
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetFrameInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3190"
              }
            ],
            "repeated": 0,
            "id": 17634
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetMetaData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31a0"
              }
            ],
            "repeated": 0,
            "id": 17635
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetPointerShapeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31b0"
              }
            ],
            "repeated": 0,
            "id": 17636
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplReleaseFrame"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31d0"
              }
            ],
            "repeated": 0,
            "id": 17637
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3650"
              }
            ],
            "repeated": 0,
            "id": 17638
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDWMVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e70"
              }
            ],
            "repeated": 0,
            "id": 17639
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetSyncRefreshCountWaitTarget"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e34a0"
              }
            ],
            "repeated": 0,
            "id": 17640
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 17641
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTChangeVideoMemoryReservation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2af0"
              }
            ],
            "repeated": 0,
            "id": 17642
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9db61",
            "parentcaller": "0x722179b0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17643
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x722179ce",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17644
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromGdiDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d760"
              }
            ],
            "repeated": 0,
            "id": 17645
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a23",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromDeviceName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3090"
              }
            ],
            "repeated": 0,
            "id": 17646
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a3c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDisplayModeList"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e90"
              }
            ],
            "repeated": 0,
            "id": 17647
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a55",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d950"
              }
            ],
            "repeated": 0,
            "id": 17648
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a6e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetDisplayMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33d0"
              }
            ],
            "repeated": 0,
            "id": 17649
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 17650
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217aa0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetGammaRamp"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3400"
              }
            ],
            "repeated": 0,
            "id": 17651
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217abc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDeviceState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e80"
              }
            ],
            "repeated": 0,
            "id": 17652
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217ad5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 17653
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217aee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3640"
              }
            ],
            "repeated": 0,
            "id": 17654
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d900"
              }
            ],
            "repeated": 0,
            "id": 17655
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b35",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2be0"
              }
            ],
            "repeated": 0,
            "id": 17656
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ce0"
              }
            ],
            "repeated": 0,
            "id": 17657
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b63",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckVidPnExclusiveOwnership"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b70"
              }
            ],
            "repeated": 0,
            "id": 17658
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckMonitorPowerState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b10"
              }
            ],
            "repeated": 0,
            "id": 17659
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b97",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckSharedResourceAccess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b60"
              }
            ],
            "repeated": 0,
            "id": 17660
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bb1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c40"
              }
            ],
            "repeated": 0,
            "id": 17661
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bcb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d30"
              }
            ],
            "repeated": 0,
            "id": 17662
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217be5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetFrameInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3190"
              }
            ],
            "repeated": 0,
            "id": 17663
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bff",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetMetaData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31a0"
              }
            ],
            "repeated": 0,
            "id": 17664
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c19",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetPointerShapeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31b0"
              }
            ],
            "repeated": 0,
            "id": 17665
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c33",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplReleaseFrame"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31d0"
              }
            ],
            "repeated": 0,
            "id": 17666
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c4d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3650"
              }
            ],
            "repeated": 0,
            "id": 17667
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c67",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDWMVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e70"
              }
            ],
            "repeated": 0,
            "id": 17668
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetSyncRefreshCountWaitTarget"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e34a0"
              }
            ],
            "repeated": 0,
            "id": 17669
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c9b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 17670
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217cb5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTChangeVideoMemoryReservation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2af0"
              }
            ],
            "repeated": 0,
            "id": 17671
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a2a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17672
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ENABLE_D3D_MULTITHREADING"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_D3D_MULTITHREADING"
              }
            ],
            "repeated": 0,
            "id": 17673
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_ENABLE_D3D_DEBUG_LAYER"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_D3D_DEBUG_LAYER"
              }
            ],
            "repeated": 0,
            "id": 17674
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17675
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x71c74000"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17676
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000001"
              }
            ],
            "repeated": 0,
            "id": 17677
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17678
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17679
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17680
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f561ea",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000734"
              }
            ],
            "repeated": 0,
            "id": 17681
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f56211",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000748"
              }
            ],
            "repeated": 0,
            "id": 17682
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x724d1666",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 17683
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x724ae158",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 17684
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7248a770",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 17685
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7248f93c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 17686
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x724add51",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 17687
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x724ae105",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 17688
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9db61",
            "parentcaller": "0x72490252",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXGI"
              },
              {
                "name": "ModuleHandle",
                "value": "0x721f0000"
              }
            ],
            "repeated": 0,
            "id": 17689
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72490259",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "dxgi.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x721f0000"
              },
              {
                "name": "FunctionName",
                "value": "CompatValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x722132f0"
              }
            ],
            "repeated": 0,
            "id": 17690
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17691
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17692
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9db61",
            "parentcaller": "0x72219746",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 17693
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ace7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTRegisterTrimNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75014fb0"
              }
            ],
            "repeated": 0,
            "id": 17694
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221acba",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTUnregisterTrimNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501db30"
              }
            ],
            "repeated": 0,
            "id": 17695
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ac8d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTMakeResident"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3000"
              }
            ],
            "repeated": 0,
            "id": 17696
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ac60",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTEvict"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2de0"
              }
            ],
            "repeated": 0,
            "id": 17697
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ac33",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForSynchronizationObjectFromCpu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3620"
              }
            ],
            "repeated": 0,
            "id": 17698
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ac06",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSignalSynchronizationObjectFromCpu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3520"
              }
            ],
            "repeated": 0,
            "id": 17699
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221abd9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForSynchronizationObjectFromGpu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3630"
              }
            ],
            "repeated": 0,
            "id": 17700
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221abac",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSignalSynchronizationObjectFromGpu"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3530"
              }
            ],
            "repeated": 0,
            "id": 17701
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ab7f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSignalSynchronizationObjectFromGpu2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3540"
              }
            ],
            "repeated": 0,
            "id": 17702
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ab52",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreatePagingQueue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c60"
              }
            ],
            "repeated": 0,
            "id": 17703
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221ab25",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyPagingQueue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d50"
              }
            ],
            "repeated": 0,
            "id": 17704
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aaf8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTLock2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ff0"
              }
            ],
            "repeated": 0,
            "id": 17705
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aacb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTUnlock2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e35c0"
              }
            ],
            "repeated": 0,
            "id": 17706
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aa9e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTInvalidateCache"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2fd0"
              }
            ],
            "repeated": 0,
            "id": 17707
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aa71",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetResourcePresentPrivateDriverData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2f40"
              }
            ],
            "repeated": 0,
            "id": 17708
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aa44",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTReserveGpuVirtualAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3390"
              }
            ],
            "repeated": 0,
            "id": 17709
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221aa17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTMapGpuVirtualAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3010"
              }
            ],
            "repeated": 0,
            "id": 17710
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a9ea",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTFreeGpuVirtualAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e20"
              }
            ],
            "repeated": 0,
            "id": 17711
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a9bd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTUpdateGpuVirtualAddress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e35e0"
              }
            ],
            "repeated": 0,
            "id": 17712
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a990",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateContextVirtual"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2bd0"
              }
            ],
            "repeated": 0,
            "id": 17713
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a963",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSubmitCommand"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3550"
              }
            ],
            "repeated": 0,
            "id": 17714
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a936",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenSyncObjectNtHandleFromName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3170"
              }
            ],
            "repeated": 0,
            "id": 17715
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a909",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenSyncObjectFromNtHandle2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3160"
              }
            ],
            "repeated": 0,
            "id": 17716
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a8dc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyAllocation2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2cc0"
              }
            ],
            "repeated": 0,
            "id": 17717
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a8af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 17718
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a882",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTChangeVideoMemoryReservation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2af0"
              }
            ],
            "repeated": 0,
            "id": 17719
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a855",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTReclaimAllocations2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3320"
              }
            ],
            "repeated": 0,
            "id": 17720
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a828",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTPresentMultiPlaneOverlay2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3210"
              }
            ],
            "repeated": 0,
            "id": 17721
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a7fb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckMultiPlaneOverlaySupport2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b30"
              }
            ],
            "repeated": 0,
            "id": 17722
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a7ce",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetStablePowerState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3480"
              }
            ],
            "repeated": 0,
            "id": 17723
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a7a1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryClockCalibration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3260"
              }
            ],
            "repeated": 0,
            "id": 17724
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a774",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTMarkDeviceAsError"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3020"
              }
            ],
            "repeated": 0,
            "id": 17725
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a747",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTFlushHeapTransitions"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e10"
              }
            ],
            "repeated": 0,
            "id": 17726
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a71a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTUpdateAllocationProperty"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e35d0"
              }
            ],
            "repeated": 0,
            "id": 17727
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a6ed",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetAllocationPriority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e30"
              }
            ],
            "repeated": 0,
            "id": 17728
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a6c0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOfferAllocations"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3080"
              }
            ],
            "repeated": 0,
            "id": 17729
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a693",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTReclaimAllocations"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3310"
              }
            ],
            "repeated": 0,
            "id": 17730
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a666",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTReleaseKeyedMutex2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3340"
              }
            ],
            "repeated": 0,
            "id": 17731
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a639",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTAcquireKeyedMutex2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2aa0"
              }
            ],
            "repeated": 0,
            "id": 17732
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a60c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenKeyedMutex2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e30e0"
              }
            ],
            "repeated": 0,
            "id": 17733
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a5df",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateKeyedMutex2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c30"
              }
            ],
            "repeated": 0,
            "id": 17734
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a5b2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplPresent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31c0"
              }
            ],
            "repeated": 0,
            "id": 17735
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a585",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryResourceInfoFromNtHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e32d0"
              }
            ],
            "repeated": 0,
            "id": 17736
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a558",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTShareObjects"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e34e0"
              }
            ],
            "repeated": 0,
            "id": 17737
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a52b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenNtHandleFromName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3100"
              }
            ],
            "repeated": 0,
            "id": 17738
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a4fe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenResourceFromNtHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3130"
              }
            ],
            "repeated": 0,
            "id": 17739
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a4d1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTPinDirectFlipResources"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d890"
              }
            ],
            "repeated": 0,
            "id": 17740
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a4a4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTUnpinDirectFlipResources"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501da60"
              }
            ],
            "repeated": 0,
            "id": 17741
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a477",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetContextInProcessSchedulingPriority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33b0"
              }
            ],
            "repeated": 0,
            "id": 17742
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a44a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetContextInProcessSchedulingPriority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e50"
              }
            ],
            "repeated": 0,
            "id": 17743
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a41d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenSyncObjectFromNtHandle"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3150"
              }
            ],
            "repeated": 0,
            "id": 17744
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a3f0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTPresentMultiPlaneOverlay"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3200"
              }
            ],
            "repeated": 0,
            "id": 17745
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a3c3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckMultiPlaneOverlaySupport"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b20"
              }
            ],
            "repeated": 0,
            "id": 17746
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a396",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSignalSynchronizationObject2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3510"
              }
            ],
            "repeated": 0,
            "id": 17747
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a369",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForSynchronizationObject2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3610"
              }
            ],
            "repeated": 0,
            "id": 17748
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a33c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenSynchronizationObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3180"
              }
            ],
            "repeated": 0,
            "id": 17749
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a30f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateSynchronizationObject2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c90"
              }
            ],
            "repeated": 0,
            "id": 17750
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a2e2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTReleaseKeyedMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3330"
              }
            ],
            "repeated": 0,
            "id": 17751
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a2b5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTAcquireKeyedMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2a90"
              }
            ],
            "repeated": 0,
            "id": 17752
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a288",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyKeyedMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d20"
              }
            ],
            "repeated": 0,
            "id": 17753
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a25b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenKeyedMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e30d0"
              }
            ],
            "repeated": 0,
            "id": 17754
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a22e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateKeyedMutex"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c20"
              }
            ],
            "repeated": 0,
            "id": 17755
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219d9d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenResource2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3120"
              }
            ],
            "repeated": 0,
            "id": 17756
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219d9d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateAllocation2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ba0"
              }
            ],
            "repeated": 0,
            "id": 17757
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a201",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTConfigureSharedResource"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b90"
              }
            ],
            "repeated": 0,
            "id": 17758
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219bec",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetQueuedLimit"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3470"
              }
            ],
            "repeated": 0,
            "id": 17759
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a1d4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetMultisampleMethodList"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ec0"
              }
            ],
            "repeated": 0,
            "id": 17760
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a1a7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 17761
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a17a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetDisplayPrivateDriverFormat"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d8e0"
              }
            ],
            "repeated": 0,
            "id": 17762
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a14d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroySynchronizationObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d70"
              }
            ],
            "repeated": 0,
            "id": 17763
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a120",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateSynchronizationObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75014210"
              }
            ],
            "repeated": 0,
            "id": 17764
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a0f3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2cd0"
              }
            ],
            "repeated": 0,
            "id": 17765
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a0c6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2bc0"
              }
            ],
            "repeated": 0,
            "id": 17766
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a099",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetContextSchedulingPriority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e60"
              }
            ],
            "repeated": 0,
            "id": 17767
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a06c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetContextSchedulingPriority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33c0"
              }
            ],
            "repeated": 0,
            "id": 17768
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a03f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTPresent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31f0"
              }
            ],
            "repeated": 0,
            "id": 17769
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x7221a012",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyDevice"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2cf0"
              }
            ],
            "repeated": 0,
            "id": 17770
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219fe5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateDevice"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2bf0"
              }
            ],
            "repeated": 0,
            "id": 17771
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219fb8",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAllocationResidency"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3250"
              }
            ],
            "repeated": 0,
            "id": 17772
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219f8b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetAllocationPriority"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33a0"
              }
            ],
            "repeated": 0,
            "id": 17773
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219f5e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2cb0"
              }
            ],
            "repeated": 0,
            "id": 17774
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219d9d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenResource"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d7e0"
              }
            ],
            "repeated": 0,
            "id": 17775
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219f31",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryResourceInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e32c0"
              }
            ],
            "repeated": 0,
            "id": 17776
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219d9d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750171c0"
              }
            ],
            "repeated": 0,
            "id": 17777
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219f04",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDeviceState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e80"
              }
            ],
            "repeated": 0,
            "id": 17778
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219ed7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetDisplayMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33d0"
              }
            ],
            "repeated": 0,
            "id": 17779
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219eaa",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSignalSynchronizationObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d9a0"
              }
            ],
            "repeated": 0,
            "id": 17780
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219e7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForSynchronizationObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501daa0"
              }
            ],
            "repeated": 0,
            "id": 17781
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219e50",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTEscape"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2dd0"
              }
            ],
            "repeated": 0,
            "id": 17782
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219e23",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTUnlock"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e35b0"
              }
            ],
            "repeated": 0,
            "id": 17783
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219df6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTLock"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2fe0"
              }
            ],
            "repeated": 0,
            "id": 17784
          },
          {
            "timestamp": "2026-06-28 21:56:20,807",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219dc9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTRender"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3380"
              }
            ],
            "repeated": 0,
            "id": 17785
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7221025f",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\d3d10warp"
              },
              {
                "name": "DllBase",
                "value": "0x6f870000"
              }
            ],
            "repeated": 0,
            "id": 17786
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b90766",
            "parentcaller": "0x7221025f",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f870000"
              }
            ],
            "repeated": 0,
            "id": 17787
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x724824e6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6f870000"
              },
              {
                "name": "FunctionName",
                "value": "OpenAdapter10_2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6f8dbb80"
              }
            ],
            "repeated": 0,
            "id": 17788
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x6fb4701b",
            "parentcaller": "0x6f8a7ec5",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 17789
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17790
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17791
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba68b3",
            "parentcaller": "0x75ba6840",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "164"
              }
            ],
            "repeated": 0,
            "id": 17792
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba67a1",
            "parentcaller": "0x75ba66ad",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx"
              }
            ],
            "repeated": 0,
            "id": 17793
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba67bd",
            "parentcaller": "0x75ba66ad",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 17794
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba67f0",
            "parentcaller": "0x75ba66ad",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 17795
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba67a1",
            "parentcaller": "0x75ba66f3",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020119",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_NOTIFY|KEY_WOW64_64KEY|STANDARD_RIGHTS_REQUIRED"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock"
              }
            ],
            "repeated": 0,
            "id": 17796
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba67bd",
            "parentcaller": "0x75ba66f3",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "ValueName",
                "value": "AllowDevelopmentWithoutDevLicense"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense"
              }
            ],
            "repeated": 0,
            "id": 17797
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75ba67f0",
            "parentcaller": "0x75ba66f3",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 17798
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17799
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "System\\CurrentControlSet\\Control\\GraphicsDrivers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\GraphicsDrivers"
              }
            ],
            "repeated": 0,
            "id": 17800
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72459620",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 17801
          },
          {
            "timestamp": "2026-06-28 21:56:20,823",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17802
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9f14d",
            "parentcaller": "0x72459d21",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x0000074c"
              },
              {
                "name": "HandleName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00P\\x02\\x00\\x00\\x00\\x00\\x00\\x00N\\x02\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17803
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x72459d36",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 17804
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17805
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Direct3D"
              }
            ],
            "repeated": 0,
            "id": 17806
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17807
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D"
              }
            ],
            "repeated": 0,
            "id": 17808
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b82fbb",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17809
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17810
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D\\Drivers"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D\\Drivers"
              }
            ],
            "repeated": 0,
            "id": 17811
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "Size"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Size"
              }
            ],
            "repeated": 0,
            "id": 17812
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Name"
              }
            ],
            "repeated": 0,
            "id": 17813
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72459bfe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 17814
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b82fbb",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "Index",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17815
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b84a1e",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17816
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b84a62",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList"
              }
            ],
            "repeated": 0,
            "id": 17817
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "Size"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Size"
              }
            ],
            "repeated": 0,
            "id": 17818
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b84f68",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000750"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Name"
              }
            ],
            "repeated": 0,
            "id": 17819
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72459bfe",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 17820
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b847eb",
            "parentcaller": "0x75b82fbb",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000074c"
              },
              {
                "name": "Index",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 17821
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72459a9d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 0,
            "id": 17822
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72489b8e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 17823
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b8fb07",
            "parentcaller": "0x7248ab3d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17824
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x7248ae1f",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 17825
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17826
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 17827
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x7249013e",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000750"
              }
            ],
            "repeated": 0,
            "id": 17828
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b94290",
            "parentcaller": "0x7249010e",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000074c"
              }
            ],
            "repeated": 1,
            "id": 17829
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a2e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17830
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x6f8eb260",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 17831
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x6f8eb273",
            "parentcaller": "0x6f8d9695",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17832
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17833
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17834
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x6f8eb2dd",
            "parentcaller": "0x6f8d9695",
            "category": "misc",
            "api": "GetSystemMetrics",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemMetricIndex",
                "value": "4096"
              }
            ],
            "repeated": 0,
            "id": 17835
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75bacc3a",
            "parentcaller": "0x6f8eb2fd",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "55"
              }
            ],
            "repeated": 0,
            "id": 17836
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a36000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17837
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a3a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17838
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "dxcore.dll"
              }
            ],
            "repeated": 0,
            "id": 17839
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5210c",
            "parentcaller": "0x76f52016",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\DXCore.dll"
              }
            ],
            "repeated": 0,
            "id": 17840
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5e5df",
            "parentcaller": "0x76f5e155",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000790"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100021",
                "pretty_value": "FILE_READ_ACCESS|FILE_EXECUTE|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\DXCore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17841
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5e61c",
            "parentcaller": "0x76f5e155",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000794"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d",
                "pretty_value": "SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_EXECUTE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000790"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\DXCore.dll"
              }
            ],
            "repeated": 0,
            "id": 17842
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000794"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f840000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0002c000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17843
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f868000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17844
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17845
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17846
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f865000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17847
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5106f",
            "parentcaller": "0x76f4f009",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000798"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000d"
              },
              {
                "name": "ObjectAttributes",
                "value": "cfgmgr32.dll"
              }
            ],
            "repeated": 0,
            "id": 17848
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f511fc",
            "parentcaller": "0x76f51367",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000798"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75720000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00000000"
              },
              {
                "name": "ViewSize",
                "value": "0x0003b000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000080",
                "pretty_value": "PAGE_EXECUTE_WRITECOPY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17849
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4ffdf",
            "parentcaller": "0x76f50764",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75757000"
              },
              {
                "name": "ModuleName",
                "value": "cfgmgr32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17850
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61db1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17851
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f61e28",
            "parentcaller": "0x76f61de1",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x77029000"
              },
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00003000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17852
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f39d1b",
            "parentcaller": "0x76f4b470",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75755000"
              },
              {
                "name": "ModuleName",
                "value": "cfgmgr32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17853
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4f089",
            "parentcaller": "0x76f52308",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000798"
              }
            ],
            "repeated": 0,
            "id": 17854
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5e670",
            "parentcaller": "0x76f5e155",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000794"
              }
            ],
            "repeated": 0,
            "id": 17855
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f5e678",
            "parentcaller": "0x76f5e155",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000790"
              }
            ],
            "repeated": 0,
            "id": 17856
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75755000"
              },
              {
                "name": "ModuleName",
                "value": "cfgmgr32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17857
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f50ce0",
            "parentcaller": "0x76f3e463",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f865000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17858
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f50eba",
            "parentcaller": "0x76f50d02",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "35"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0e\\x00\\x00\\x00\\x1b\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x003\\x01"
              }
            ],
            "repeated": 0,
            "id": 17859
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17860
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17861
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17862
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d9691",
            "parentcaller": "0x745d8a62",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\System32\\cfgmgr32.dll"
              }
            ],
            "repeated": 0,
            "id": 17863
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d96d0",
            "parentcaller": "0x745d8a62",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000790"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\cfgmgr32.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17864
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000790"
              }
            ],
            "repeated": 0,
            "id": 17865
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\System32\\cfgmgr32"
              },
              {
                "name": "DllBase",
                "value": "0x75720000"
              }
            ],
            "repeated": 0,
            "id": 17866
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DDRAW.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17867
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D8.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17868
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d94d9",
            "parentcaller": "0x745d924b",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "D3D9.DLL"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17869
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d9691",
            "parentcaller": "0x745d8a62",
            "category": "misc",
            "api": "RtlDosPathNameToNtPathName_U",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "DosFileName",
                "value": "C:\\Windows\\SYSTEM32\\dxcore.dll"
              }
            ],
            "repeated": 0,
            "id": 17870
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d96d0",
            "parentcaller": "0x745d8a62",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000790"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020000",
                "pretty_value": "READ_CONTROL"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\DXCore.dll"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              }
            ],
            "repeated": 0,
            "id": 17871
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000790"
              }
            ],
            "repeated": 0,
            "id": 17872
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x745d9771",
            "parentcaller": "0x745d8a62",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\dxcore"
              },
              {
                "name": "DllBase",
                "value": "0x6f840000"
              }
            ],
            "repeated": 0,
            "id": 17873
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x7572d193",
            "parentcaller": "0x75731bb5",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000790"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80000000",
                "pretty_value": "GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "\\Device\\DeviceApi\\CMApi"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "0"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17874
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f3002d",
            "parentcaller": "0x75728278",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 17875
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f3002d",
            "parentcaller": "0x75728278",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\cfgmgr32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75720000"
              },
              {
                "name": "InitRoutine",
                "value": "0x7572d450"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17876
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b8f11f",
            "parentcaller": "0x6f85aba8",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "api-ms-win-core-synch-l1-2-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              }
            ],
            "repeated": 0,
            "id": 17877
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x6f85abcf",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "InitializeConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f64d50"
              }
            ],
            "repeated": 0,
            "id": 17878
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x6f85abdd",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "SleepConditionVariableCS"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c33860"
              }
            ],
            "repeated": 0,
            "id": 17879
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x6f85abeb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNELBASE.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75a80000"
              },
              {
                "name": "FunctionName",
                "value": "WakeAllConditionVariable"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6a4b0"
              }
            ],
            "repeated": 0,
            "id": 17880
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f868000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17881
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f868000"
              },
              {
                "name": "ModuleName",
                "value": "dxcore.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17882
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "system",
            "api": "LdrpCallInitRoutine",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "MappedPath",
                "value": "\\Device\\HarddiskVolume2\\Windows\\SysWOW64\\DXCore"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f840000"
              },
              {
                "name": "InitRoutine",
                "value": "0x6f85a570"
              },
              {
                "name": "Reason",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 17883
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fe9f",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17884
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4fed4",
            "parentcaller": "0x76f4fd94",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17885
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a3c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00009000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17886
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x75ba4eeb",
            "parentcaller": "0x6fb49a4f",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 17887
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a45000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17888
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a47000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17889
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x08a49000"
              },
              {
                "name": "RegionSize",
                "value": "0x00006000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17890
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f4054c",
            "parentcaller": "0x76f47a93",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00200000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17891
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f405ab",
            "parentcaller": "0x76f47a93",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea00000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17892
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea03000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17893
          },
          {
            "timestamp": "2026-06-28 21:56:20,839",
            "thread_id": "2784",
            "caller": "0x72460e31",
            "parentcaller": "0x7247109e",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17894
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d3d10warp.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17895
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75baa5a4",
            "parentcaller": "0x7248d6a4",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\d3d10warp.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb5{\\x145\\xb9\\xba\\xd7\\x01\\x13\\x88\\xf0\\xb5v\\x07\\xdd\\x01Vg 5\\xb9\\xba\\xd7\\x01\\xc9\"H\\xa2}\\x07\\xdd\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17896
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b9106a",
            "parentcaller": "0x7248d6ab",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007bc"
              }
            ],
            "repeated": 0,
            "id": 17897
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b9800a",
            "parentcaller": "0x72472253",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6f870000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "199"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6f8dc160"
              }
            ],
            "repeated": 0,
            "id": 17898
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x7247231a",
            "parentcaller": "0x72490b61",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17899
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8feda",
            "parentcaller": "0x7245eaab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17900
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f4539b",
            "parentcaller": "0x75b90a7e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d3d10warp.dll"
              }
            ],
            "repeated": 0,
            "id": 17901
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8ff33",
            "parentcaller": "0x7245eaab",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17902
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8ed45",
            "parentcaller": "0x7245ead2",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17903
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f4539b",
            "parentcaller": "0x75b90a7e",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d3d10warp.dll"
              }
            ],
            "repeated": 0,
            "id": 17904
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8ed83",
            "parentcaller": "0x7245ead2",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17905
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b7a3bc",
            "parentcaller": "0x75b8ef0f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007bc"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\d3d10warp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              }
            ],
            "repeated": 0,
            "id": 17906
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b7a3f4",
            "parentcaller": "0x75b8ef0f",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000007bc"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\d3d10warp.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "4",
                "pretty_value": "FileBasicInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb5{\\x145\\xb9\\xba\\xd7\\x01\\x13\\x88\\xf0\\xb5v\\x07\\xdd\\x01Vg 5\\xb9\\xba\\xd7\\x01\\xc9\"H\\xa2}\\x07\\xdd\\x01 \\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17907
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b7a455",
            "parentcaller": "0x75b8ef0f",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007bc"
              }
            ],
            "repeated": 0,
            "id": 17908
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea07000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17909
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8feda",
            "parentcaller": "0x7220fec6",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17910
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8ff33",
            "parentcaller": "0x7220fec6",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17911
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8ed45",
            "parentcaller": "0x7220feeb",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17912
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8ed83",
            "parentcaller": "0x7220feeb",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17913
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b7a3bc",
            "parentcaller": "0x75b8ef0f",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\d3d10warp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              }
            ],
            "repeated": 0,
            "id": 17914
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e08000"
              },
              {
                "name": "RegionSize",
                "value": "0x00019000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17915
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea0b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17916
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea0e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17917
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea11000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17918
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea14000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17919
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0972e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00030000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17920
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea17000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17921
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007c4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 17922
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f0"
              }
            ],
            "repeated": 0,
            "id": 17923
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 17924
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000006a8"
              }
            ],
            "repeated": 0,
            "id": 17925
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 17926
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 17927
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 17928
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005ea"
              }
            ],
            "repeated": 0,
            "id": 17929
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000624"
              }
            ],
            "repeated": 0,
            "id": 17930
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f4"
              }
            ],
            "repeated": 0,
            "id": 17931
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8696b",
            "parentcaller": "0x72bda914",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000548"
              }
            ],
            "repeated": 0,
            "id": 17932
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007c4"
              },
              {
                "name": "ValueName",
                "value": "UseSWRender"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseSWRender"
              }
            ],
            "repeated": 0,
            "id": 17933
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b859d1",
            "parentcaller": "0x75b8583c",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17934
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\Main"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main"
              }
            ],
            "repeated": 0,
            "id": 17935
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000548"
              },
              {
                "name": "ValueName",
                "value": "UseSWRender"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\UseSWRender"
              }
            ],
            "repeated": 0,
            "id": 17936
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17937
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17938
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17939
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17940
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtOpenFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00120089",
                "pretty_value": "FILE_GENERIC_READ"
              },
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\d3d10warp.dll"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              }
            ],
            "repeated": 0,
            "id": 17941
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b85d04",
            "parentcaller": "0x75b85885",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "GPU"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU"
              }
            ],
            "repeated": 0,
            "id": 17942
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b85453",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "AdapterInfo"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU\\AdapterInfo"
              }
            ],
            "repeated": 0,
            "id": 17943
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8561e",
            "parentcaller": "0x75b85243",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000005f4"
              },
              {
                "name": "ValueName",
                "value": "AdapterInfo"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"Hypervisor detected (Microsoft Hypervisor with SLAT support detected)\""
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU\\AdapterInfo"
              }
            ],
            "repeated": 0,
            "id": 17944
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b91571",
            "parentcaller": "0x7330b7a4",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17945
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b90369",
            "parentcaller": "0x75b9009e",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000624"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17946
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75ba9417",
            "parentcaller": "0x7330b84f",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000624"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17947
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b91571",
            "parentcaller": "0x7330b807",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 17948
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75b8f828",
            "parentcaller": "0x75b8f48e",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005e8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000624"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\times.ttf"
              }
            ],
            "repeated": 0,
            "id": 17949
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75ba506b",
            "parentcaller": "0x75ba4fae",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000005e8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ec00000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3a458"
              },
              {
                "name": "ViewSize",
                "value": "0x00124000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17950
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 17951
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 17952
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 17953
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 17954
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17955
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17956
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17957
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x00000000",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17958
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73336ce6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09c56000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000a000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17959
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 17960
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 17961
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2fae4",
            "parentcaller": "0x76f2f7cb",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 17962
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x73308057",
            "parentcaller": "0x73307fc1",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17963
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 1,
            "id": 17964
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x73308057",
            "parentcaller": "0x73307fc1",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17965
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17966
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x76f2f645",
            "parentcaller": "0x76f479e4",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x0001b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17967
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 17968
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 17969
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "EUDC\\1252"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\EUDC\\1252"
              }
            ],
            "repeated": 0,
            "id": 17970
          },
          {
            "timestamp": "2026-06-28 21:56:20,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17971
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ed30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00400000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17972
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 17973
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ed30000"
              },
              {
                "name": "RegionSize",
                "value": "0x00023000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17974
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 17975
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17976
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x75ba4b01",
            "parentcaller": "0x73336ce6",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ed53000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17977
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007cc"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x70f41410"
              },
              {
                "name": "Parameter",
                "value": "0x0ae8e000"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 17978
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000007cc",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x70f41410"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "Parameter",
                "value": "0x0ae8e000"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "1128"
              }
            ],
            "repeated": 0,
            "id": 17979
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01284000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17980
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17981
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 17982
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17983
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "98"
              }
            ],
            "repeated": 0,
            "id": 17984
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17985
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "98"
              }
            ],
            "repeated": 0,
            "id": 17986
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000007d8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 17987
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000007d8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f270000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3bc1c"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17988
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "28"
              }
            ],
            "repeated": 0,
            "id": 17989
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtCreateThreadEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0x000007e0"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "StartAddress",
                "value": "0x70f80790"
              },
              {
                "name": "Parameter",
                "value": "0x0ae4e360"
              },
              {
                "name": "CreateFlags",
                "value": "0x00000001"
              },
              {
                "name": "ThreadId",
                "value": "512"
              },
              {
                "name": "ProcessId",
                "value": "4500"
              },
              {
                "name": "Module",
                "value": "mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 17990
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "CreateThread",
            "status": true,
            "return": "0x000007e0",
            "arguments": [
              {
                "name": "StartRoutine",
                "value": "0x70f80790"
              },
              {
                "name": "ModuleName",
                "value": "mshtml.dll"
              },
              {
                "name": "Parameter",
                "value": "0x0ae4e360"
              },
              {
                "name": "CreationFlags",
                "value": "0x00000000"
              },
              {
                "name": "ThreadId",
                "value": "512"
              }
            ],
            "repeated": 0,
            "id": 17991
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75dd6000"
              },
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17992
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x75dd6000"
              },
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 17993
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "58"
              },
              {
                "name": "InputBuffer",
                "value": "\\x15\\x10s\\x02\\x10E&E\\x99\\xe6\\xe5\\xa1~\\xbd\\x1a\\xea\\xff\\xff\\xff\\xff"
              },
              {
                "name": "OutputBuffer",
                "value": "E\\x01\\xbd\\xa3mN\\xc6A"
              }
            ],
            "repeated": 0,
            "id": 17994
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 17995
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "58"
              },
              {
                "name": "InputBuffer",
                "value": "Y\\x9a>]\\xd5\\xe9\\x00K\\xa6\\xbd\\xff4\\xffQeH\\xff\\xff\\xff\\xff"
              },
              {
                "name": "OutputBuffer",
                "value": "E\\x81\\xbc\\xa3mN\\xc6A"
              }
            ],
            "repeated": 0,
            "id": 17996
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b94081",
            "parentcaller": "0x7220e409",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0f3bfca0"
              }
            ],
            "repeated": 0,
            "id": 17997
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x76f561ea",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000670"
              }
            ],
            "repeated": 0,
            "id": 17998
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "device",
            "api": "NtPowerInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "InformationLevel",
                "value": "59"
              },
              {
                "name": "InputBuffer",
                "value": "Y\\x9a>]\\xd5\\xe9\\x00K\\xa6\\xbd\\xff4\\xffQeH"
              },
              {
                "name": "OutputBuffer",
                "value": "$\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xfc\\x91\\x11\\x03\\x1c\\x00\\x00\\x00\\xd0\\xba\\xf3\\x00"
              }
            ],
            "repeated": 0,
            "id": 17999
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x76f56211",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000640"
              }
            ],
            "repeated": 0,
            "id": 18000
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcess",
            "status": false,
            "return": "0xffffffffc0000022",
            "pretty_return": "ACCESS_DENIED",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00100040",
                "pretty_value": "PROCESS_DUP_HANDLE|SYNCHRONIZE"
              },
              {
                "name": "ProcessIdentifier",
                "value": "4500"
              }
            ],
            "repeated": 0,
            "id": 18001
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18002
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b90766",
            "parentcaller": "0x75b91282",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18003
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x722107eb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 18004
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x722107f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTEnumAdapters2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2dc0"
              }
            ],
            "repeated": 0,
            "id": 18005
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72210808",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 18006
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72210817",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 18007
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "3472",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea1c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18008
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18009
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 18010
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9db61",
            "parentcaller": "0x722179b0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18011
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b90766",
            "parentcaller": "0x722179ce",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18012
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromGdiDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d760"
              }
            ],
            "repeated": 0,
            "id": 18013
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a23",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromDeviceName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3090"
              }
            ],
            "repeated": 0,
            "id": 18014
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a3c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDisplayModeList"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e90"
              }
            ],
            "repeated": 0,
            "id": 18015
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a55",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d950"
              }
            ],
            "repeated": 0,
            "id": 18016
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a6e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetDisplayMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33d0"
              }
            ],
            "repeated": 0,
            "id": 18017
          },
          {
            "timestamp": "2026-06-28 21:56:20,870",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 18018
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217aa0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetGammaRamp"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3400"
              }
            ],
            "repeated": 0,
            "id": 18019
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217abc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDeviceState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e80"
              }
            ],
            "repeated": 0,
            "id": 18020
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217ad5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 18021
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217aee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3640"
              }
            ],
            "repeated": 0,
            "id": 18022
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d900"
              }
            ],
            "repeated": 0,
            "id": 18023
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b35",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2be0"
              }
            ],
            "repeated": 0,
            "id": 18024
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ce0"
              }
            ],
            "repeated": 0,
            "id": 18025
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b63",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckVidPnExclusiveOwnership"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b70"
              }
            ],
            "repeated": 0,
            "id": 18026
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckMonitorPowerState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b10"
              }
            ],
            "repeated": 0,
            "id": 18027
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b97",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckSharedResourceAccess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b60"
              }
            ],
            "repeated": 0,
            "id": 18028
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bb1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c40"
              }
            ],
            "repeated": 0,
            "id": 18029
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bcb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d30"
              }
            ],
            "repeated": 0,
            "id": 18030
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217be5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetFrameInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3190"
              }
            ],
            "repeated": 0,
            "id": 18031
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bff",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetMetaData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31a0"
              }
            ],
            "repeated": 0,
            "id": 18032
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c19",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetPointerShapeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31b0"
              }
            ],
            "repeated": 0,
            "id": 18033
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c33",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplReleaseFrame"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31d0"
              }
            ],
            "repeated": 0,
            "id": 18034
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c4d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3650"
              }
            ],
            "repeated": 0,
            "id": 18035
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c67",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDWMVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e70"
              }
            ],
            "repeated": 0,
            "id": 18036
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetSyncRefreshCountWaitTarget"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e34a0"
              }
            ],
            "repeated": 0,
            "id": 18037
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c9b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 18038
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217cb5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTChangeVideoMemoryReservation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2af0"
              }
            ],
            "repeated": 0,
            "id": 18039
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "512",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00004000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18040
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "3472",
            "caller": "0x75d6270a",
            "parentcaller": "0x70ac5450",
            "category": "windows",
            "api": "SendNotifyMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00070412"
              },
              {
                "name": "Message",
                "value": "0x00000218"
              }
            ],
            "repeated": 0,
            "id": 18041
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "3472",
            "caller": "0x75b90766",
            "parentcaller": "0x75b91282",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 18042
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01285000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18043
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x01287000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18044
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f312cf",
            "parentcaller": "0x76f3104a",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000009",
                "pretty_value": "KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager"
              }
            ],
            "repeated": 0,
            "id": 18045
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f312ec",
            "parentcaller": "0x76f3104a",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000544"
              },
              {
                "name": "ValueName",
                "value": "ResourcePolicies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies"
              }
            ],
            "repeated": 0,
            "id": 18046
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f31302",
            "parentcaller": "0x76f3104a",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000544"
              }
            ],
            "repeated": 0,
            "id": 18047
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f2effb",
            "parentcaller": "0x76f2eef0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f500000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18048
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f2f042",
            "parentcaller": "0x76f2eef0",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f500000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18049
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "user32"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 18050
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea22000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18051
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "842"
              },
              {
                "name": "y",
                "value": "258"
              }
            ],
            "repeated": 0,
            "id": 18052
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "421"
              },
              {
                "name": "y",
                "value": "113"
              }
            ],
            "repeated": 0,
            "id": 18053
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x76f66416",
            "parentcaller": "0x76f66321",
            "category": "threading",
            "api": "NtTestAlert",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18054
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1896",
            "caller": "0x00000000",
            "parentcaller": "0x00000000",
            "category": "threading",
            "api": "RtlUserThreadStart",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "StartAddress",
                "value": "0x00000000"
              },
              {
                "name": "Parameter",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18055
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "416"
              },
              {
                "name": "y",
                "value": "118"
              }
            ],
            "repeated": 2,
            "id": 18056
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 18057
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\mshtml.tlb"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18058
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 18059
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "MZ\\x90\\x00\\x03\\x00\\x00\\x00\\x04\\x00\\x00\\x00\\xff\\xff\\x00\\x00\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\xb8\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "64"
              }
            ],
            "repeated": 0,
            "id": 18060
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18061
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18062
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb8\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18063
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "PE\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 18064
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xd0\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18065
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xb0\\x01\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18066
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": ".text\\x00\\x00\\x00\\xb0\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00@\\x00\\x00@"
              },
              {
                "name": "Length",
                "value": "80"
              }
            ],
            "repeated": 0,
            "id": 18067
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 18068
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18069
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 18070
          },
          {
            "timestamp": "2026-06-28 21:56:20,885",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 18071
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\xa0\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18072
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "\\x07\\x00"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 18073
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x18\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18074
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 18075
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": " \\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18076
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 18077
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "0\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 1,
            "id": 18078
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "\\x01\\x00\\x00\\x00P\\x00\\x00\\x80"
              },
              {
                "name": "Length",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 18079
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 2,
            "id": 18080
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "P\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18081
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00"
              },
              {
                "name": "Length",
                "value": "24"
              }
            ],
            "repeated": 0,
            "id": 18082
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18083
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtSetInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "14",
                "pretty_value": "FilePositionInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x80\\x04\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18084
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtReadFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "Buffer",
                "value": "($\\x00\\x00\\xf8\\x02*\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "Length",
                "value": "16"
              }
            ],
            "repeated": 0,
            "id": 18085
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              },
              {
                "name": "FileInformationClass",
                "value": "5",
                "pretty_value": "FileStandardInformation"
              },
              {
                "name": "FileInformation",
                "value": "\\x00\\x10*\\x00\\x00\\x00\\x00\\x00\\x00\\x0c*\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18086
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000544"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\SysWOW64\\mshtml.tlb"
              }
            ],
            "repeated": 0,
            "id": 18087
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000006a8"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f510000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3aaac"
              },
              {
                "name": "ViewSize",
                "value": "0x002a1000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18088
          },
          {
            "timestamp": "2026-06-28 21:56:20,901",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea27000"
              },
              {
                "name": "RegionSize",
                "value": "0x00024000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18089
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea4b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18090
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 18091
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryInfoKeyW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000542"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "SubKeyCount",
                "value": "1"
              },
              {
                "name": "MaxSubKeyLength",
                "value": "0"
              },
              {
                "name": "MaxClassLength",
                "value": "0"
              },
              {
                "name": "ValueCount",
                "value": "0"
              },
              {
                "name": "MaxValueNameLength",
                "value": "0"
              },
              {
                "name": "MaxValueLength",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18092
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegEnumKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "Index",
                "value": "0"
              },
              {
                "name": "Name",
                "value": "7.0.3300.0"
              },
              {
                "name": "Class",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0"
              }
            ],
            "repeated": 0,
            "id": 18093
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x00000542"
              },
              {
                "name": "SubKey",
                "value": "7.0.3300.0"
              },
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0"
              }
            ],
            "repeated": 0,
            "id": 18094
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "ValueName",
                "value": "ImplementedInThisVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\ImplementedInThisVersion"
              }
            ],
            "repeated": 0,
            "id": 18095
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "ValueName",
                "value": "Assembly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly"
              }
            ],
            "repeated": 0,
            "id": 18096
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "ValueName",
                "value": "Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class"
              }
            ],
            "repeated": 0,
            "id": 18097
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "ValueName",
                "value": "RuntimeVersion"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\RuntimeVersion"
              }
            ],
            "repeated": 0,
            "id": 18098
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              },
              {
                "name": "ValueName",
                "value": "RuntimeVersion"
              },
              {
                "name": "Data",
                "value": "v1.0.3705"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\RuntimeVersion"
              }
            ],
            "repeated": 0,
            "id": 18099
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000005f2"
              }
            ],
            "repeated": 0,
            "id": 18100
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              }
            ],
            "repeated": 0,
            "id": 18101
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32\\7.0.3300.0"
              },
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32\\7.0.3300.0"
              }
            ],
            "repeated": 0,
            "id": 18102
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": "Class"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class"
              }
            ],
            "repeated": 0,
            "id": 18103
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": "Class"
              },
              {
                "name": "Data",
                "value": "mshtml.HTMLDocumentClass"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class"
              }
            ],
            "repeated": 0,
            "id": 18104
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": "Assembly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly"
              }
            ],
            "repeated": 0,
            "id": 18105
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": "Assembly"
              },
              {
                "name": "Data",
                "value": "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly"
              }
            ],
            "repeated": 0,
            "id": 18106
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": "CodeBase"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\CodeBase"
              }
            ],
            "repeated": 0,
            "id": 18107
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              }
            ],
            "repeated": 0,
            "id": 18108
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x80000000",
                "pretty_value": "HKEY_CLASSES_ROOT"
              },
              {
                "name": "SubKey",
                "value": "CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32"
              },
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "FullName",
                "value": "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32"
              }
            ],
            "repeated": 0,
            "id": 18109
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18110
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegQueryValueExW",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              },
              {
                "name": "ValueName",
                "value": ""
              },
              {
                "name": "Data",
                "value": "C:\\Windows\\SysWOW64\\mshtml.dll"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)"
              }
            ],
            "repeated": 0,
            "id": 18111
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegCloseKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000542"
              }
            ],
            "repeated": 0,
            "id": 18112
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea5b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18113
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "v4.0_policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 18114
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "registry",
            "api": "RegOpenKeyExW",
            "status": false,
            "return": "0x00000002",
            "arguments": [
              {
                "name": "Registry",
                "value": "0x000003a8"
              },
              {
                "name": "SubKey",
                "value": "policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a"
              },
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a"
              }
            ],
            "repeated": 0,
            "id": 18115
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea5d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18116
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\Microsoft.mshtml\\v4.0_7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18117
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.mshtml\\v4.0_7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18118
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC\\Microsoft.mshtml\\v4.0_7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18119
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_32\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18120
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": false,
            "return": "0xffffffffc000003a",
            "pretty_return": "OBJECT_PATH_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18121
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18122
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 18123
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "GetNativeSystemInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75151eb0"
              }
            ],
            "repeated": 0,
            "id": 18124
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "FindFirstFileExW",
            "status": false,
            "return": "0xffffffffffffffff",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.mshtml\\*"
              }
            ],
            "repeated": 1,
            "id": 18125
          },
          {
            "timestamp": "2026-06-28 21:56:20,917",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x000005f0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "5",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18126
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "1",
                "pretty_value": "FILE_SHARE_READ"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000080",
                "pretty_value": "FILE_ATTRIBUTE_NORMAL"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18127
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000540"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18128
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryFullAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18129
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000007f4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x000005f0"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll"
              }
            ],
            "repeated": 0,
            "id": 18130
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000007f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f7c0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f38438"
              },
              {
                "name": "ViewSize",
                "value": "0x007a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18131
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x40000003",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x000007f4"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ff70000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f38438"
              },
              {
                "name": "ViewSize",
                "value": "0x007a6000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18132
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f7c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18133
          },
          {
            "timestamp": "2026-06-28 21:56:20,948",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000540"
              }
            ],
            "repeated": 0,
            "id": 18134
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.INI"
              }
            ],
            "repeated": 0,
            "id": 18135
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f7c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00070000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18136
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f7c0000"
              },
              {
                "name": "RegionSize",
                "value": "0x0006d000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18137
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f82d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18138
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f82e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18139
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea5f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18140
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f82f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18141
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18142
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f830000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18143
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f831000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18144
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f832000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18145
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f833000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18146
          },
          {
            "timestamp": "2026-06-28 21:56:20,964",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f834000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18147
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f835000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18148
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f836000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18149
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f83b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18150
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f83c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18151
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f83d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18152
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea64000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18153
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f83e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18154
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f83f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18155
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18156
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f840000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18157
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "NtQueryLicenseValue",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Name",
                "value": "TerminalServices-RemoteConnectionManager-AllowAppServerMode"
              },
              {
                "name": "Type",
                "value": "0x00000004"
              }
            ],
            "repeated": 0,
            "id": 18158
          },
          {
            "timestamp": "2026-06-28 21:56:20,979",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c546000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18159
          },
          {
            "timestamp": "2026-06-28 21:56:20,995",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c547000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18160
          },
          {
            "timestamp": "2026-06-28 21:56:20,995",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c56f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18161
          },
          {
            "timestamp": "2026-06-28 21:56:20,995",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18162
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f850000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18163
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0b228000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18164
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f841000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18165
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c548000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18166
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c549000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18167
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f842000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18168
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f851000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18169
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c54a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18170
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f852000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18171
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c54b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18172
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f843000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18173
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c54c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18174
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea69000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18175
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea6c000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18176
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea6f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18177
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c54d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18178
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c54e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18179
          },
          {
            "timestamp": "2026-06-28 21:56:21,010",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0c54f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18180
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea72000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18181
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea74000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18182
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea77000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18183
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea78000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18184
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea7b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18185
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea7d000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18186
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f853000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18187
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f854000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18188
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f855000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000040",
                "pretty_value": "PAGE_EXECUTE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18189
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea7f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18190
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea81000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18191
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea83000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18192
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f844000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18193
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "kernel32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75130000"
              }
            ],
            "repeated": 0,
            "id": 18194
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75130000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "kernel32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18195
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "KERNEL32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75130000"
              },
              {
                "name": "FunctionName",
                "value": "AddDllDirectory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75c2e970"
              }
            ],
            "repeated": 0,
            "id": 18196
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "wldp.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x746b0000"
              }
            ],
            "repeated": 0,
            "id": 18197
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x746b0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "wldp.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 18198
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56e08b",
            "parentcaller": "0x0129d7cc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Wldp.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x746b0000"
              },
              {
                "name": "FunctionName",
                "value": "WldpGetLockdownPolicy"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x746b70c0"
              }
            ],
            "repeated": 0,
            "id": 18199
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007fc"
              },
              {
                "name": "EventName",
                "value": "Global\\TabletHardwarePresent"
              }
            ],
            "repeated": 0,
            "id": 18200
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18201
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007fc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18202
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007fc"
              }
            ],
            "repeated": 0,
            "id": 18203
          },
          {
            "timestamp": "2026-06-28 21:56:21,026",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007fc"
              },
              {
                "name": "EventName",
                "value": "Global\\TabletHardwarePresent"
              }
            ],
            "repeated": 0,
            "id": 18204
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18205
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007fc"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18206
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007fc"
              }
            ],
            "repeated": 0,
            "id": 18207
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18208
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel"
              }
            ],
            "repeated": 0,
            "id": 18209
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "3C374A40-BAE4-11CF-BF7D-00AA006946EE"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "3C374A41-BAE4-11CF-BF7D-00AA006946EE"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18210
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18211
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\Secur32"
              },
              {
                "name": "DllBase",
                "value": "0x6f830000"
              }
            ],
            "repeated": 0,
            "id": 18212
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "Secur32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f830000"
              }
            ],
            "repeated": 0,
            "id": 18213
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "Secur32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6f830000"
              },
              {
                "name": "FunctionName",
                "value": "GetUserNameExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7429dbe0"
              }
            ],
            "repeated": 0,
            "id": 18214
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18215
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 18216
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18217
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\MLANG"
              },
              {
                "name": "DllBase",
                "value": "0x6f7f0000"
              }
            ],
            "repeated": 0,
            "id": 18218
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "MLANG.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7f0000"
              }
            ],
            "repeated": 0,
            "id": 18219
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "MLANG.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6f7f0000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "112"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6f7fa470"
              }
            ],
            "repeated": 0,
            "id": 18220
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18221
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18222
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x71f90000"
              },
              {
                "name": "FunctionName",
                "value": "PSCreateMemoryPropertyStore"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x71fbabd0"
              }
            ],
            "repeated": 0,
            "id": 18223
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18224
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72044000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18225
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72044000"
              },
              {
                "name": "ModuleName",
                "value": "PROPSYS.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18226
          },
          {
            "timestamp": "2026-06-28 21:56:21,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18227
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "DllLoadNotification",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "NotificationReason",
                "value": "load"
              },
              {
                "name": "DllName",
                "value": "C:\\Windows\\SYSTEM32\\WININET"
              },
              {
                "name": "DllBase",
                "value": "0x6f3a0000"
              }
            ],
            "repeated": 0,
            "id": 18228
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18229
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "WININET.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f3a0000"
              }
            ],
            "repeated": 0,
            "id": 18230
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x6f3a0000"
              },
              {
                "name": "FunctionName",
                "value": "GetUrlCacheEntryBinaryBlob"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x6f6b3a40"
              }
            ],
            "repeated": 0,
            "id": 18231
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7322b000"
              },
              {
                "name": "ModuleName",
                "value": "ieframe.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18232
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x000007f8"
              }
            ],
            "repeated": 0,
            "id": 18233
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "10"
              },
              {
                "name": "TokenInformation",
                "value": "\\xf3I\\x18\\x00\\x00\\x00\\x00\\x00\\x8aI\n\\x00\\x00\\x00\\x00\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x7f\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x10\\x00\\x00\\x88\\x0f\\x00\\x00\\x0e\\x00\\x00\\x00\\x06\\x00\\x00\\x00\"J\\x18\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18234
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "3"
              },
              {
                "name": "TokenInformation",
                "value": "\\x06\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x13\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x17\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x19\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00!\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18235
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007f8"
              }
            ],
            "repeated": 0,
            "id": 18236
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18237
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18238
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\n\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 18239
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18240
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18241
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18242
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007f8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 18243
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007f8"
              },
              {
                "name": "ValueName",
                "value": "SyncMode5"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SyncMode5"
              }
            ],
            "repeated": 0,
            "id": 18244
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18245
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"
              }
            ],
            "repeated": 0,
            "id": 18246
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000540"
              },
              {
                "name": "ValueName",
                "value": "SessionStartTimeDefaultDeltaSecs"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\SessionStartTimeDefaultDeltaSecs"
              }
            ],
            "repeated": 0,
            "id": 18247
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18248
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000804"
              }
            ],
            "repeated": 0,
            "id": 18249
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "D\\xa1\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18250
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000804"
              }
            ],
            "repeated": 0,
            "id": 18251
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18252
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000804"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache"
              }
            ],
            "repeated": 0,
            "id": 18253
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000808"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000804"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Extensible Cache"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache"
              }
            ],
            "repeated": 0,
            "id": 18254
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18255
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18256
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18257
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18258
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "X\\x9f\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18259
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18260
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18261
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000810"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              }
            ],
            "repeated": 0,
            "id": 18262
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18263
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category"
              }
            ],
            "repeated": 0,
            "id": 18264
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Local AppData"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name"
              }
            ],
            "repeated": 0,
            "id": 18265
          },
          {
            "timestamp": "2026-06-28 21:56:21,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 18266
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description"
              }
            ],
            "repeated": 0,
            "id": 18267
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 18268
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 18269
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 18270
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 18271
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 18272
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security"
              }
            ],
            "repeated": 0,
            "id": 18273
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 18274
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 18275
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 18276
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 18277
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 18278
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 18279
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 18280
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 18281
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 18282
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 18283
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 18284
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18285
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18286
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 18287
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 18288
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18289
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\\\x9d\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\xdc\\x9d\\xf3\\x00\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x00\\x9e\\xf3\\x00\\xfc\\x9d\\xf3\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18290
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18291
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18292
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18293
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 18294
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18295
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18296
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c3b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18297
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x72c3b000"
              },
              {
                "name": "ModuleName",
                "value": "iertutil.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18298
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18299
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18300
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xb8\\x9a\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18301
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18302
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000080c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18303
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000080c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}"
              }
            ],
            "repeated": 0,
            "id": 18304
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18305
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category"
              }
            ],
            "repeated": 0,
            "id": 18306
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Cache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name"
              }
            ],
            "repeated": 0,
            "id": 18307
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 18308
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description"
              }
            ],
            "repeated": 0,
            "id": 18309
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\INetCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 18310
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 18311
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 18312
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 18313
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 18314
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security"
              }
            ],
            "repeated": 0,
            "id": 18315
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 18316
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 18317
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 18318
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 18319
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 18320
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 18321
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 18322
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 18323
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 18324
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 18325
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 18326
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18327
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18328
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 18329
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 18330
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18331
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xbc\\x98\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff<\\x99\\xf3\\x00\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st`\\x99\\xf3\\x00\\\\x99\\xf3\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18332
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18333
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000080c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18334
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18335
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000080c"
              },
              {
                "name": "ValueName",
                "value": "Cache"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache"
              }
            ],
            "repeated": 0,
            "id": 18336
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18337
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18338
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18339
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18340
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18341
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18342
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18343
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18344
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              }
            ],
            "repeated": 0,
            "id": 18345
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              }
            ],
            "repeated": 0,
            "id": 18346
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18347
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18348
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows"
              }
            ],
            "repeated": 0,
            "id": 18349
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18350
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.IE5"
              }
            ],
            "repeated": 0,
            "id": 18351
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE"
              }
            ],
            "repeated": 0,
            "id": 18352
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18353
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18354
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x9d\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18355
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18356
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18357
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000810"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}"
              }
            ],
            "repeated": 0,
            "id": 18358
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18359
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category"
              }
            ],
            "repeated": 0,
            "id": 18360
          },
          {
            "timestamp": "2026-06-28 21:56:21,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Cookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name"
              }
            ],
            "repeated": 0,
            "id": 18361
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 18362
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description"
              }
            ],
            "repeated": 0,
            "id": 18363
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\INetCookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 18364
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 18365
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 18366
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 18367
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 18368
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security"
              }
            ],
            "repeated": 0,
            "id": 18369
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 18370
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 18371
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 18372
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 18373
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 18374
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 18375
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 18376
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 18377
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 18378
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 18379
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 18380
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18381
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18382
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 18383
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 18384
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18385
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x04\\x9b\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x84\\x9b\\xf3\\x00\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\xa8\\x9b\\xf3\\x00\\xa4\\x9b\\xf3\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18386
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18387
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18388
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18389
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "Cookies"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cookies"
              }
            ],
            "repeated": 0,
            "id": 18390
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18391
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18392
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18393
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18394
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18395
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18396
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18397
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18398
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 18399
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 18400
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18401
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18402
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows"
              }
            ],
            "repeated": 0,
            "id": 18403
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18404
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 18405
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18406
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18407
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000804"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Content"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content"
              }
            ],
            "repeated": 0,
            "id": 18408
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "CachePrefix"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Buffer",
                "value": ""
              },
              {
                "name": "BufferLength",
                "value": "2"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CachePrefix"
              }
            ],
            "repeated": 0,
            "id": 18409
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "CacheVersion"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheVersion"
              }
            ],
            "repeated": 0,
            "id": 18410
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "CacheLimit"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "337920"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheLimit"
              }
            ],
            "repeated": 0,
            "id": 18411
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18412
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18413
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18414
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18415
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18416
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18417
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18418
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 18419
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 18420
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18421
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18422
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows"
              }
            ],
            "repeated": 0,
            "id": 18423
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18424
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
              }
            ],
            "repeated": 0,
            "id": 18425
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000804"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Cookies"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies"
              }
            ],
            "repeated": 0,
            "id": 18426
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "CachePrefix"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Buffer",
                "value": "Cookie:"
              },
              {
                "name": "BufferLength",
                "value": "16"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CachePrefix"
              }
            ],
            "repeated": 0,
            "id": 18427
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "CacheVersion"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheVersion"
              }
            ],
            "repeated": 0,
            "id": 18428
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "CacheLimit"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheLimit"
              }
            ],
            "repeated": 0,
            "id": 18429
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18430
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18431
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18432
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\xd8\\x9f\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18433
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18434
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000080c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions"
              }
            ],
            "repeated": 0,
            "id": 18435
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000080c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}"
              }
            ],
            "repeated": 0,
            "id": 18436
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18437
          },
          {
            "timestamp": "2026-06-28 21:56:21,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Category"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "4"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category"
              }
            ],
            "repeated": 0,
            "id": 18438
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Name"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name"
              }
            ],
            "repeated": 0,
            "id": 18439
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParentFolder"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder"
              }
            ],
            "repeated": 0,
            "id": 18440
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Description"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description"
              }
            ],
            "repeated": 0,
            "id": 18441
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "RelativePath"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "Microsoft\\Windows\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath"
              }
            ],
            "repeated": 0,
            "id": 18442
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "ParsingName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName"
              }
            ],
            "repeated": 0,
            "id": 18443
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InfoTip"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip"
              }
            ],
            "repeated": 0,
            "id": 18444
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalizedName"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName"
              }
            ],
            "repeated": 0,
            "id": 18445
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Icon"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon"
              }
            ],
            "repeated": 0,
            "id": 18446
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Security"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security"
              }
            ],
            "repeated": 0,
            "id": 18447
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResource"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource"
              }
            ],
            "repeated": 0,
            "id": 18448
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "StreamResourceType"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType"
              }
            ],
            "repeated": 0,
            "id": 18449
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "LocalRedirectOnly"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly"
              }
            ],
            "repeated": 0,
            "id": 18450
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Roamable"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable"
              }
            ],
            "repeated": 0,
            "id": 18451
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PreCreate"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate"
              }
            ],
            "repeated": 0,
            "id": 18452
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Stream"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream"
              }
            ],
            "repeated": 0,
            "id": 18453
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "PublishExpandedPath"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath"
              }
            ],
            "repeated": 0,
            "id": 18454
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "DefinitionFlags"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags"
              }
            ],
            "repeated": 0,
            "id": 18455
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "Attributes"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes"
              }
            ],
            "repeated": 0,
            "id": 18456
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "FolderTypeID"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID"
              }
            ],
            "repeated": 0,
            "id": 18457
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "InitFolderHandler"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler"
              }
            ],
            "repeated": 0,
            "id": 18458
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PropertyBag"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag"
              }
            ],
            "repeated": 0,
            "id": 18459
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18460
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 18461
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 18462
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18463
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\xdc\\x9d\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\\\x9e\\xf3\\x00\\x07\\xbb\\x84t\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x16\\xbb\\x84t|\\xd0st\\x80\\x9e\\xf3\\x00|\\x9e\\xf3\\x00\\x02\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18464
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18465
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000814"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18466
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18467
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "ValueName",
                "value": "History"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\History"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\History"
              }
            ],
            "repeated": 0,
            "id": 18468
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18469
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000818"
              }
            ],
            "repeated": 0,
            "id": 18470
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18471
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh"
              }
            ],
            "repeated": 0,
            "id": 18472
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18473
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18474
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local"
              }
            ],
            "repeated": 0,
            "id": 18475
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18476
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "CreateDirectoryW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "DirectoryName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History"
              }
            ],
            "repeated": 0,
            "id": 18477
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History"
              }
            ],
            "repeated": 0,
            "id": 18478
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18479
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18480
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History"
              }
            ],
            "repeated": 0,
            "id": 18481
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18482
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryAttributesFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5"
              }
            ],
            "repeated": 0,
            "id": 18483
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000804"
              },
              {
                "name": "ObjectAttributesName",
                "value": "History"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History"
              }
            ],
            "repeated": 0,
            "id": 18484
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtSetValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "ValueName",
                "value": "CachePrefix"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Buffer",
                "value": "Visited:"
              },
              {
                "name": "BufferLength",
                "value": "18"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CachePrefix"
              }
            ],
            "repeated": 0,
            "id": 18485
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "ValueName",
                "value": "CacheVersion"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheVersion"
              }
            ],
            "repeated": 0,
            "id": 18486
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "ValueName",
                "value": "CacheLimit"
              },
              {
                "name": "Type",
                "value": "4",
                "pretty_value": "REG_DWORD"
              },
              {
                "name": "Information",
                "value": "1"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheLimit"
              }
            ],
            "repeated": 0,
            "id": 18487
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000818"
              }
            ],
            "repeated": 0,
            "id": 18488
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18489
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000024",
            "pretty_return": "OBJECT_TYPE_MISMATCH",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18490
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 18491
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000818"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 18492
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000818"
              }
            ],
            "repeated": 0,
            "id": 18493
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18494
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000464"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".DEFAULT"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_USERS\\.DEFAULT"
              }
            ],
            "repeated": 0,
            "id": 18495
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000818"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18496
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000818"
              }
            ],
            "repeated": 0,
            "id": 18497
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "Cache"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCache"
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache"
              }
            ],
            "repeated": 0,
            "id": 18498
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18499
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
              }
            ],
            "repeated": 0,
            "id": 18500
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "ValueName",
                "value": "Default"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default"
              }
            ],
            "repeated": 0,
            "id": 18501
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000818"
              },
              {
                "name": "ValueName",
                "value": "Default"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemDrive%\\Users\\Default"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default"
              }
            ],
            "repeated": 0,
            "id": 18502
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000818"
              }
            ],
            "repeated": 0,
            "id": 18503
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18504
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": false,
            "return": "0xffffffffc0000024",
            "pretty_return": "OBJECT_TYPE_MISMATCH",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18505
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000454"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SessionInfo\\2"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2"
              }
            ],
            "repeated": 0,
            "id": 18506
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000810"
              },
              {
                "name": "ObjectAttributesName",
                "value": "KnownFolders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders"
              }
            ],
            "repeated": 0,
            "id": 18507
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18508
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18509
          },
          {
            "timestamp": "2026-06-28 21:56:21,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000464"
              },
              {
                "name": "ObjectAttributesName",
                "value": ".DEFAULT"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_USERS\\.DEFAULT"
              }
            ],
            "repeated": 0,
            "id": 18510
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000080c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000810"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"
              }
            ],
            "repeated": 0,
            "id": 18511
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18512
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000080c"
              },
              {
                "name": "ValueName",
                "value": "Local AppData"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%USERPROFILE%\\AppData\\Local"
              },
              {
                "name": "FullName",
                "value": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData"
              }
            ],
            "repeated": 0,
            "id": 18513
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18514
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
              }
            ],
            "repeated": 0,
            "id": 18515
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "Default"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default"
              }
            ],
            "repeated": 0,
            "id": 18516
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000810"
              },
              {
                "name": "ValueName",
                "value": "Default"
              },
              {
                "name": "Type",
                "value": "2",
                "pretty_value": "REG_EXPAND_SZ"
              },
              {
                "name": "Information",
                "value": "%SystemDrive%\\Users\\Default"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default"
              }
            ],
            "repeated": 0,
            "id": 18517
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000810"
              }
            ],
            "repeated": 0,
            "id": 18518
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18519
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18520
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "<\\xa2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18521
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18522
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18523
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18524
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18525
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xa2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18526
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18527
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6f7bc000"
              },
              {
                "name": "ModuleName",
                "value": "WININET.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18528
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18529
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18530
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18531
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18532
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18533
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18534
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18535
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18536
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18537
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18538
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "<\\xa2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18539
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18540
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18541
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xa2\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18542
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000080c"
              }
            ],
            "repeated": 0,
            "id": 18543
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18544
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "4\\xa1\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18545
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000818"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f860000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3a2e4"
              },
              {
                "name": "ViewSize",
                "value": "0x00001000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18546
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18547
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "8\\xa3\\xf3\\x00`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18548
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18549
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18550
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x0000000f",
                "pretty_value": "KEY_QUERY_VALUE|KEY_SET_VALUE|KEY_CREATE_SUB_KEY|KEY_ENUMERATE_SUB_KEYS"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache"
              }
            ],
            "repeated": 0,
            "id": 18551
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18552
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 1,
            "id": 18553
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000810"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f870000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3a698"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18554
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "WKSCAL.EXE"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0138dc90"
              }
            ],
            "repeated": 0,
            "id": 18555
          },
          {
            "timestamp": "2026-06-28 21:56:21,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_IEDDE_REGISTER_URLECHO"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IEDDE_REGISTER_URLECHO"
              }
            ],
            "repeated": 0,
            "id": 18556
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f880000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18557
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f880000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18558
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "OleEndPointID"
              },
              {
                "name": "Atom",
                "value": "0x0000c044"
              }
            ],
            "repeated": 0,
            "id": 18559
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18560
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\Ole\\Extensions"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions"
              }
            ],
            "repeated": 0,
            "id": 18561
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000814"
              },
              {
                "name": "ValueName",
                "value": "DragDropExtension"
              },
              {
                "name": "Type",
                "value": "1",
                "pretty_value": "REG_SZ"
              },
              {
                "name": "Information",
                "value": "{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension"
              }
            ],
            "repeated": 0,
            "id": 18562
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "com",
            "api": "CoCreateInstance",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "rclsid",
                "value": "9FC8E510-A27C-4B3B-B9A3-BF65F00256A8"
              },
              {
                "name": "ClsContext",
                "value": "0x00000001",
                "pretty_value": "CLSCTX_INPROC_SERVER"
              },
              {
                "name": "riid",
                "value": "043250DB-3B6A-4141-8F21-AA2ED2BE3355"
              },
              {
                "name": "ProgID",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18563
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18564
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:90244"
              }
            ],
            "repeated": 0,
            "id": 18565
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18566
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x88\\x9c\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18567
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000814"
              }
            ],
            "repeated": 0,
            "id": 18568
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenSection",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:90244"
              }
            ],
            "repeated": 0,
            "id": 18569
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000814"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:90244"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18570
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x00000814"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f890000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3ea64"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18571
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f890000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18572
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\twinapi.appcore.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72060000"
              }
            ],
            "repeated": 0,
            "id": 18573
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenProcessToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000008"
              },
              {
                "name": "TokenHandle",
                "value": "0x0000081c"
              }
            ],
            "repeated": 0,
            "id": 18574
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "25"
              },
              {
                "name": "TokenInformation",
                "value": "\\x08\\x88\\x9c\\x08`\\x00\\x00\\x00\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x10\\x00 \\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18575
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000081c"
              }
            ],
            "repeated": 0,
            "id": 18576
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtOpenSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000081c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000004"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:90244"
              }
            ],
            "repeated": 0,
            "id": 18577
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000081c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f890000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3ea8c"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18578
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f890000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18579
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000081c"
              }
            ],
            "repeated": 0,
            "id": 18580
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000081c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0007",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ|SECTION_MAP_WRITE"
              },
              {
                "name": "ObjectAttributes",
                "value": "1194HWNDInterface:90244"
              },
              {
                "name": "FileHandle",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18581
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000081c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f890000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3eab4"
              },
              {
                "name": "ViewSize",
                "value": "0x00010000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18582
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f890000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18583
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "windows",
            "api": "FindWindowW",
            "status": true,
            "return": "0x0001010a",
            "arguments": [
              {
                "name": "ClassName",
                "value": "ApplicationManager_DesktopShellWindow"
              },
              {
                "name": "WindowName",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18584
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "synchronization",
            "api": "NtAddAtomEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "AtomName",
                "value": "{DADEF92C-227E-46C0-93C0-9FFFA4DC07D9}"
              },
              {
                "name": "Atom",
                "value": "0x0000c01f"
              }
            ],
            "repeated": 0,
            "id": 18585
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x0001010a"
              },
              {
                "name": "Message",
                "value": "0x0000c0c3"
              }
            ],
            "repeated": 0,
            "id": 18586
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "309"
              },
              {
                "name": "y",
                "value": "221"
              }
            ],
            "repeated": 0,
            "id": 18587
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18588
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18589
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18590
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000820"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Ftp"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Ftp"
              }
            ],
            "repeated": 0,
            "id": 18591
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000820"
              },
              {
                "name": "ValueName",
                "value": "Use Web Based FTP"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\FTP\\Use Web Based FTP"
              }
            ],
            "repeated": 0,
            "id": 18592
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18593
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Ftp"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ftp"
              }
            ],
            "repeated": 0,
            "id": 18594
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000824"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_HTTP_USERNAME_PASSWORD_DISABLE"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE"
              }
            ],
            "repeated": 0,
            "id": 18595
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000824"
              },
              {
                "name": "ValueName",
                "value": "HTMLive.exe"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\HTMLive.exe"
              }
            ],
            "repeated": 0,
            "id": 18596
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000824"
              },
              {
                "name": "ValueName",
                "value": "*"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*"
              }
            ],
            "repeated": 0,
            "id": 18597
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000824"
              }
            ],
            "repeated": 0,
            "id": 18598
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00070318"
              },
              {
                "name": "Message",
                "value": "0x0000070c"
              }
            ],
            "repeated": 0,
            "id": 18599
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "309"
              },
              {
                "name": "y",
                "value": "221"
              }
            ],
            "repeated": 2,
            "id": 18600
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18601
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18602
          },
          {
            "timestamp": "2026-06-28 21:56:21,135",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18603
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18604
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18605
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetDCDpiScaleValue"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501ade0"
              }
            ],
            "repeated": 0,
            "id": 18606
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\user32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 18607
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowDpiAwarenessContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d47e80"
              }
            ],
            "repeated": 0,
            "id": 18608
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetThreadDpiAwarenessContext"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4df30"
              }
            ],
            "repeated": 0,
            "id": 18609
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x096a5000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18610
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18611
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000828"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18612
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000828"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18613
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18614
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000082c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000828"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              }
            ],
            "repeated": 0,
            "id": 18615
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000082c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f9b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d53c"
              },
              {
                "name": "ViewSize",
                "value": "0x00258000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18616
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 18617
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18618
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18619
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e19000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18620
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18621
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ed54000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18622
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtUnmapViewOfSectionEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f9b0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00258000"
              },
              {
                "name": "Flags",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18623
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000082c"
              }
            ],
            "repeated": 0,
            "id": 18624
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000828"
              }
            ],
            "repeated": 0,
            "id": 18625
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18626
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtCreateFile",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000828"
              },
              {
                "name": "DesiredAccess",
                "value": "0x80100080",
                "pretty_value": "GENERIC_READ|FILE_READ_ATTRIBUTES|SYNCHRONIZE"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "CreateDisposition",
                "value": "1",
                "pretty_value": "FILE_OPEN"
              },
              {
                "name": "ShareAccess",
                "value": "7",
                "pretty_value": "FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE"
              },
              {
                "name": "FileAttributes",
                "value": "0x00000000"
              },
              {
                "name": "ExistedBefore",
                "value": "yes"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18627
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "filesystem",
            "api": "NtQueryInformationFile",
            "status": false,
            "return": "0xffffffff80000005",
            "pretty_return": "BUFFER_OVERFLOW",
            "arguments": [
              {
                "name": "FileHandle",
                "value": "0x00000828"
              },
              {
                "name": "HandleName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              },
              {
                "name": "FileInformationClass",
                "value": "18",
                "pretty_value": "FileAllInformation"
              },
              {
                "name": "FileInformation",
                "value": ""
              }
            ],
            "repeated": 0,
            "id": 18628
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtSetInformationProcess",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessInformationClass",
                "value": "12"
              },
              {
                "name": "ProcessInformation",
                "value": "\\x00\\x80\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 18629
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtCreateSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000082c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x000f0005",
                "pretty_value": "STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|SECTION_MAP_READ"
              },
              {
                "name": "ObjectAttributes",
                "value": ""
              },
              {
                "name": "FileHandle",
                "value": "0x00000828"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Fonts\\seguisym.ttf"
              }
            ],
            "repeated": 0,
            "id": 18630
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtMapViewOfSection",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SectionHandle",
                "value": "0x0000082c"
              },
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f9b0000"
              },
              {
                "name": "SectionOffset",
                "value": "0x00f3d428"
              },
              {
                "name": "ViewSize",
                "value": "0x00258000"
              },
              {
                "name": "Win32Protect",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18631
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 18632
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18633
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18634
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18635
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18636
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e1e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18637
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18638
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ed55000"
              },
              {
                "name": "RegionSize",
                "value": "0x0000b000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18639
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "24"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x05\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 18640
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18641
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ed60000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18642
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aea8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00008000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18643
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18644
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000830"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Avalon.Graphics"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics"
              }
            ],
            "repeated": 0,
            "id": 18645
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18646
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Avalon.Graphics"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics"
              }
            ],
            "repeated": 0,
            "id": 18647
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7344d000"
              },
              {
                "name": "ModuleName",
                "value": "DWrite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18648
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7344d000"
              },
              {
                "name": "ModuleName",
                "value": "DWrite.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18649
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000830"
              },
              {
                "name": "ObjectAttributesName",
                "value": "DISPLAY1"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Avalon.Graphics\\DISPLAY1"
              }
            ],
            "repeated": 0,
            "id": 18650
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000830"
              }
            ],
            "repeated": 0,
            "id": 18651
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00002012"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18652
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000004a"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18653
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000200a"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18654
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000200c"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18655
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18656
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000830"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Avalon.Graphics"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics"
              }
            ],
            "repeated": 0,
            "id": 18657
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000830"
              },
              {
                "name": "KeyInformation",
                "value": "\\x03@\\x11\\xffefv\\x07\\xffdd\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1e\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "KeyInformationClass",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 18658
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000830"
              }
            ],
            "repeated": 0,
            "id": 18659
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000004a"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18660
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000200a"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18661
          },
          {
            "timestamp": "2026-06-28 21:56:21,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x0000200c"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18662
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18663
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x00f3e0b8"
              }
            ],
            "repeated": 0,
            "id": 18664
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "dwrite.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x73290000"
              }
            ],
            "repeated": 0,
            "id": 18665
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "DWrite.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73290000"
              },
              {
                "name": "FunctionName",
                "value": "DWriteCreateFactory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73331c00"
              }
            ],
            "repeated": 0,
            "id": 18666
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0fc10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18667
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18668
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18669
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7fcd0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000020",
                "pretty_value": "PAGE_EXECUTE_READ"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18670
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0fc10000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "FreeType",
                "value": "0x00008000"
              }
            ],
            "repeated": 0,
            "id": 18671
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09743000"
              },
              {
                "name": "RegionSize",
                "value": "0x00018000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18672
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18673
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtFreeVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "FreeType",
                "value": "0x00004000"
              }
            ],
            "repeated": 0,
            "id": 18674
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000798"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18675
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "3796",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18676
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "3796",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000830"
              },
              {
                "name": "Milliseconds",
                "value": "1000"
              }
            ],
            "repeated": 0,
            "id": 18677
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "3796",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ea86000"
              },
              {
                "name": "RegionSize",
                "value": "0x00032000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18678
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "3796",
            "caller": "0x76f40787",
            "parentcaller": "0x76f4048f",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0eab8000"
              },
              {
                "name": "RegionSize",
                "value": "0x00015000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18679
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18680
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18681
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18682
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18683
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18684
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x725eb000"
              },
              {
                "name": "ModuleName",
                "value": "d3d11.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18685
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18686
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7031c000"
              },
              {
                "name": "ModuleName",
                "value": "d2d1.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18687
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18688
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18689
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18690
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x6fe00000"
              },
              {
                "name": "ModuleName",
                "value": "d3d10warp.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18691
          },
          {
            "timestamp": "2026-06-28 21:56:21,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "309"
              },
              {
                "name": "y",
                "value": "221"
              }
            ],
            "repeated": 1,
            "id": 18692
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18693
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18694
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18695
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              }
            ],
            "repeated": 0,
            "id": 18696
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18697
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              }
            ],
            "repeated": 0,
            "id": 18698
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000660"
              },
              {
                "name": "ObjectAttributesName",
                "value": "PrefetchPrerender"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              }
            ],
            "repeated": 0,
            "id": 18699
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18700
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\PrefetchPrerender"
              }
            ],
            "repeated": 0,
            "id": 18701
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b90766",
            "parentcaller": "0x72219379",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18702
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72219392",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 18703
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b94081",
            "parentcaller": "0x7220e409",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "FileName",
                "value": "DXCaptureReplay.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x0ea1cd70"
              }
            ],
            "repeated": 0,
            "id": 18704
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x76f561ea",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000838"
              }
            ],
            "repeated": 0,
            "id": 18705
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x76f56211",
            "parentcaller": "0x75ba9549",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000083c"
              }
            ],
            "repeated": 0,
            "id": 18706
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b90766",
            "parentcaller": "0x75b91282",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18707
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x722107eb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 18708
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x722107f9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTEnumAdapters2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2dc0"
              }
            ],
            "repeated": 0,
            "id": 18709
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72210808",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 18710
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72210817",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 18711
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9db61",
            "parentcaller": "0x722179b0",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18712
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b90766",
            "parentcaller": "0x722179ce",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "gdi32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75010000"
              }
            ],
            "repeated": 0,
            "id": 18713
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a0a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromGdiDisplayName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d760"
              }
            ],
            "repeated": 0,
            "id": 18714
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a23",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOpenAdapterFromDeviceName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3090"
              }
            ],
            "repeated": 0,
            "id": 18715
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a3c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDisplayModeList"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e90"
              }
            ],
            "repeated": 0,
            "id": 18716
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a55",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d950"
              }
            ],
            "repeated": 0,
            "id": 18717
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a6e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetDisplayMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e33d0"
              }
            ],
            "repeated": 0,
            "id": 18718
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217a87",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCloseAdapter"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b80"
              }
            ],
            "repeated": 0,
            "id": 18719
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217aa0",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetGammaRamp"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3400"
              }
            ],
            "repeated": 0,
            "id": 18720
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217abc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDeviceState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e80"
              }
            ],
            "repeated": 0,
            "id": 18721
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217ad5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryAdapterInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3240"
              }
            ],
            "repeated": 0,
            "id": 18722
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217aee",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3640"
              }
            ],
            "repeated": 0,
            "id": 18723
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b17",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetVidPnSourceOwner1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7501d900"
              }
            ],
            "repeated": 0,
            "id": 18724
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b35",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2be0"
              }
            ],
            "repeated": 0,
            "id": 18725
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b4c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyDCFromMemory"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2ce0"
              }
            ],
            "repeated": 0,
            "id": 18726
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b63",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckVidPnExclusiveOwnership"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b70"
              }
            ],
            "repeated": 0,
            "id": 18727
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b7d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckMonitorPowerState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b10"
              }
            ],
            "repeated": 0,
            "id": 18728
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217b97",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCheckSharedResourceAccess"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2b60"
              }
            ],
            "repeated": 0,
            "id": 18729
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bb1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTCreateOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2c40"
              }
            ],
            "repeated": 0,
            "id": 18730
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bcb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTDestroyOutputDupl"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2d30"
              }
            ],
            "repeated": 0,
            "id": 18731
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217be5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetFrameInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3190"
              }
            ],
            "repeated": 0,
            "id": 18732
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217bff",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetMetaData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31a0"
              }
            ],
            "repeated": 0,
            "id": 18733
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c19",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplGetPointerShapeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31b0"
              }
            ],
            "repeated": 0,
            "id": 18734
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c33",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTOutputDuplReleaseFrame"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e31d0"
              }
            ],
            "repeated": 0,
            "id": 18735
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c4d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTWaitForVerticalBlankEvent2"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3650"
              }
            ],
            "repeated": 0,
            "id": 18736
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c67",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTGetDWMVerticalBlankEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2e70"
              }
            ],
            "repeated": 0,
            "id": 18737
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c81",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTSetSyncRefreshCountWaitTarget"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e34a0"
              }
            ],
            "repeated": 0,
            "id": 18738
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217c9b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTQueryVideoMemoryInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e3300"
              }
            ],
            "repeated": 0,
            "id": 18739
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "512",
            "caller": "0x75b9800a",
            "parentcaller": "0x72217cb5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "D3DKMTChangeVideoMemoryReservation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x761e2af0"
              }
            ],
            "repeated": 0,
            "id": 18740
          },
          {
            "timestamp": "2026-06-28 21:56:21,182",
            "thread_id": "2784",
            "caller": "0x07fa2dc6",
            "parentcaller": "0x09381420",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f845000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18741
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18742
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18743
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18744
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 18745
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18746
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 18747
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x75d20000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18748
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentInputMessageSource"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63de0"
              }
            ],
            "repeated": 0,
            "id": 18749
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "309"
              },
              {
                "name": "y",
                "value": "221"
              }
            ],
            "repeated": 0,
            "id": 18750
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0f8583a9",
            "parentcaller": "0x07fa2893",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "BeginPaint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d638f0"
              }
            ],
            "repeated": 0,
            "id": 18751
          },
          {
            "timestamp": "2026-06-28 21:56:21,198",
            "thread_id": "2784",
            "caller": "0x0f858ff1",
            "parentcaller": "0x0f858aa3",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateHalftonePalette"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735114b0"
              }
            ],
            "repeated": 0,
            "id": 18752
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f858ad5",
            "parentcaller": "0x0f8584fb",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SelectPalette"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750143b0"
              }
            ],
            "repeated": 0,
            "id": 18753
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18754
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18755
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f85887b",
            "parentcaller": "0x07fa2893",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "EndPaint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63cf0"
              }
            ],
            "repeated": 0,
            "id": 18756
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18757
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 18758
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f8599d3",
            "parentcaller": "0x0f8598f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016db0"
              }
            ],
            "repeated": 0,
            "id": 18759
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f859bd5",
            "parentcaller": "0x0f859a5a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetObjectType"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75013bc0"
              }
            ],
            "repeated": 0,
            "id": 18760
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f859d97",
            "parentcaller": "0x0f859bfe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleBitmap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750170a0"
              }
            ],
            "repeated": 0,
            "id": 18761
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f859e02",
            "parentcaller": "0x0f859bfe",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetDIBits"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750170e0"
              }
            ],
            "repeated": 0,
            "id": 18762
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f85a180",
            "parentcaller": "0x0f859eb5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750158a0"
              }
            ],
            "repeated": 0,
            "id": 18763
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f859c6c",
            "parentcaller": "0x0f859a5a",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f882000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18764
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f859c6c",
            "parentcaller": "0x0f859a5a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateDIBSection"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015ea0"
              }
            ],
            "repeated": 0,
            "id": 18765
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f859a7f",
            "parentcaller": "0x0f8598f4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SelectObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016cc0"
              }
            ],
            "repeated": 0,
            "id": 18766
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f85a3bd",
            "parentcaller": "0x0f85a38f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipTranslateWorldTransform"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73508160"
              }
            ],
            "repeated": 0,
            "id": 18767
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f85a4e2",
            "parentcaller": "0x0f85a4b4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSetClipRectI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734ccc00"
              }
            ],
            "repeated": 0,
            "id": 18768
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f85a660",
            "parentcaller": "0x0f85862e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipSaveGraphics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73511270"
              }
            ],
            "repeated": 0,
            "id": 18769
          },
          {
            "timestamp": "2026-06-28 21:56:21,214",
            "thread_id": "2784",
            "caller": "0x0f85a7eb",
            "parentcaller": "0x0f858722",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipRestoreGraphics"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73544940"
              }
            ],
            "repeated": 0,
            "id": 18770
          },
          {
            "timestamp": "2026-06-28 21:56:21,229",
            "thread_id": "2784",
            "caller": "0x0f85b12d",
            "parentcaller": "0x0f85b08d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfo"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18771
          },
          {
            "timestamp": "2026-06-28 21:56:21,229",
            "thread_id": "2784",
            "caller": "0x0f85b12d",
            "parentcaller": "0x0f85b08d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SystemParametersInfoW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57470"
              }
            ],
            "repeated": 0,
            "id": 18772
          },
          {
            "timestamp": "2026-06-28 21:56:21,229",
            "thread_id": "2784",
            "caller": "0x0f85b237",
            "parentcaller": "0x0f85b12d",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 18773
          },
          {
            "timestamp": "2026-06-28 21:56:21,229",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18774
          },
          {
            "timestamp": "2026-06-28 21:56:21,229",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18775
          },
          {
            "timestamp": "2026-06-28 21:56:21,229",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 5,
            "id": 18776
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85c0bd",
            "parentcaller": "0x0f85c062",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetRegionHRgn"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735413f0"
              }
            ],
            "repeated": 0,
            "id": 18777
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85c7d0",
            "parentcaller": "0x0f85c799",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f883000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18778
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85c7d0",
            "parentcaller": "0x0f85c799",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateRectRgn"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016380"
              }
            ],
            "repeated": 0,
            "id": 18779
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85c6f5",
            "parentcaller": "0x0b23cec2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetClipRgn"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75017120"
              }
            ],
            "repeated": 0,
            "id": 18780
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85c8e7",
            "parentcaller": "0x0f85c70f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SelectClipRgn"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75015f30"
              }
            ],
            "repeated": 0,
            "id": 18781
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 7,
            "id": 18782
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85d0a3",
            "parentcaller": "0x0f85cf2d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "DrawThemeBackground"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738a73a0"
              }
            ],
            "repeated": 0,
            "id": 18783
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85d0a3",
            "parentcaller": "0x0f85cf2d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "DrawThemeBackgroundW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18784
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85d2c6",
            "parentcaller": "0x0f85d0ca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "CloseThemeData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738adce0"
              }
            ],
            "repeated": 0,
            "id": 18785
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85d2c6",
            "parentcaller": "0x0f85d0ca",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "CloseThemeDataW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18786
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85dafd",
            "parentcaller": "0x0f85da58",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetTextRenderingHint"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x73541d30"
              }
            ],
            "repeated": 0,
            "id": 18787
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85e0be",
            "parentcaller": "0x0f85dd5f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetTextAlign"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75013d70"
              }
            ],
            "repeated": 0,
            "id": 18788
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85e0f1",
            "parentcaller": "0x0f85ddb7",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetTextColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750142c0"
              }
            ],
            "repeated": 0,
            "id": 18789
          },
          {
            "timestamp": "2026-06-28 21:56:21,245",
            "thread_id": "2784",
            "caller": "0x0f85e12c",
            "parentcaller": "0x0f85def5",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "GetBkMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75018340"
              }
            ],
            "repeated": 0,
            "id": 18790
          },
          {
            "timestamp": "2026-06-28 21:56:21,260",
            "thread_id": "2784",
            "caller": "0x0f85e161",
            "parentcaller": "0x0f85df05",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SetBkMode"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016ff0"
              }
            ],
            "repeated": 0,
            "id": 18791
          },
          {
            "timestamp": "2026-06-28 21:56:21,260",
            "thread_id": "2784",
            "caller": "0x0f85e4dd",
            "parentcaller": "0x0f85e44a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "BitBlt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016e00"
              }
            ],
            "repeated": 0,
            "id": 18792
          },
          {
            "timestamp": "2026-06-28 21:56:21,260",
            "thread_id": "2784",
            "caller": "0x0f85e6f8",
            "parentcaller": "0x0f859b47",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteDC"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750168b0"
              }
            ],
            "repeated": 0,
            "id": 18793
          },
          {
            "timestamp": "2026-06-28 21:56:21,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18794
          },
          {
            "timestamp": "2026-06-28 21:56:21,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18795
          },
          {
            "timestamp": "2026-06-28 21:56:21,260",
            "thread_id": "2784",
            "caller": "0x0f85e819",
            "parentcaller": "0x0b23d0d9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCombineRegionRegion"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x735385b0"
              }
            ],
            "repeated": 0,
            "id": 18796
          },
          {
            "timestamp": "2026-06-28 21:56:21,276",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18797
          },
          {
            "timestamp": "2026-06-28 21:56:21,276",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18798
          },
          {
            "timestamp": "2026-06-28 21:56:21,276",
            "thread_id": "2784",
            "caller": "0x0fc50929",
            "parentcaller": "0x0fc501d2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "CreateCompatibleBitmap"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750170a0"
              }
            ],
            "repeated": 0,
            "id": 18799
          },
          {
            "timestamp": "2026-06-28 21:56:21,276",
            "thread_id": "2784",
            "caller": "0x0fc50973",
            "parentcaller": "0x0fc501d2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "DeleteObject"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x750158a0"
              }
            ],
            "repeated": 0,
            "id": 18800
          },
          {
            "timestamp": "2026-06-28 21:56:21,276",
            "thread_id": "2784",
            "caller": "0x0fc505b9",
            "parentcaller": "0x0c56b5f1",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "BitBlt"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016e00"
              }
            ],
            "repeated": 0,
            "id": 18801
          },
          {
            "timestamp": "2026-06-28 21:56:21,276",
            "thread_id": "2784",
            "caller": "0x0fc50c15",
            "parentcaller": "0x0fc50aeb",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f84a000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18802
          },
          {
            "timestamp": "2026-06-28 21:56:21,292",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 18803
          },
          {
            "timestamp": "2026-06-28 21:56:21,292",
            "thread_id": "2784",
            "caller": "0x0fc53036",
            "parentcaller": "0x0f85de20",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "GDI32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75010000"
              },
              {
                "name": "FunctionName",
                "value": "SetTextColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75016eb0"
              }
            ],
            "repeated": 0,
            "id": 18804
          },
          {
            "timestamp": "2026-06-28 21:56:21,292",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 1,
            "id": 18805
          },
          {
            "timestamp": "2026-06-28 21:56:21,292",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18806
          },
          {
            "timestamp": "2026-06-28 21:56:21,292",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 18807
          },
          {
            "timestamp": "2026-06-28 21:56:21,292",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00000113"
              }
            ],
            "repeated": 0,
            "id": 18808
          },
          {
            "timestamp": "2026-06-28 21:56:21,307",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18809
          },
          {
            "timestamp": "2026-06-28 21:56:21,307",
            "thread_id": "2784",
            "caller": "0x0b23f0a2",
            "parentcaller": "0x0b23edfc",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "WaitMessage"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64e00"
              }
            ],
            "repeated": 0,
            "id": 18810
          },
          {
            "timestamp": "2026-06-28 21:56:21,464",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "309"
              },
              {
                "name": "y",
                "value": "221"
              }
            ],
            "repeated": 2,
            "id": 18811
          },
          {
            "timestamp": "2026-06-28 21:56:22,229",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18812
          },
          {
            "timestamp": "2026-06-28 21:56:22,229",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18813
          },
          {
            "timestamp": "2026-06-28 21:56:22,229",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 18814
          },
          {
            "timestamp": "2026-06-28 21:56:22,229",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "296"
              },
              {
                "name": "y",
                "value": "212"
              }
            ],
            "repeated": 0,
            "id": 18815
          },
          {
            "timestamp": "2026-06-28 21:56:22,245",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18816
          },
          {
            "timestamp": "2026-06-28 21:56:22,245",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18817
          },
          {
            "timestamp": "2026-06-28 21:56:22,245",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18818
          },
          {
            "timestamp": "2026-06-28 21:56:22,245",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18819
          },
          {
            "timestamp": "2026-06-28 21:56:22,245",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18820
          },
          {
            "timestamp": "2026-06-28 21:56:22,245",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "283"
              },
              {
                "name": "y",
                "value": "200"
              }
            ],
            "repeated": 0,
            "id": 18821
          },
          {
            "timestamp": "2026-06-28 21:56:22,260",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18822
          },
          {
            "timestamp": "2026-06-28 21:56:22,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18823
          },
          {
            "timestamp": "2026-06-28 21:56:22,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18824
          },
          {
            "timestamp": "2026-06-28 21:56:22,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "12"
              }
            ],
            "repeated": 0,
            "id": 18825
          },
          {
            "timestamp": "2026-06-28 21:56:22,260",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18826
          },
          {
            "timestamp": "2026-06-28 21:56:22,276",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "273"
              },
              {
                "name": "y",
                "value": "188"
              }
            ],
            "repeated": 0,
            "id": 18827
          },
          {
            "timestamp": "2026-06-28 21:56:22,276",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18828
          },
          {
            "timestamp": "2026-06-28 21:56:22,276",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18829
          },
          {
            "timestamp": "2026-06-28 21:56:22,276",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18830
          },
          {
            "timestamp": "2026-06-28 21:56:22,276",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 18831
          },
          {
            "timestamp": "2026-06-28 21:56:22,292",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18832
          },
          {
            "timestamp": "2026-06-28 21:56:22,292",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "267"
              },
              {
                "name": "y",
                "value": "179"
              }
            ],
            "repeated": 0,
            "id": 18833
          },
          {
            "timestamp": "2026-06-28 21:56:22,292",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18834
          },
          {
            "timestamp": "2026-06-28 21:56:22,292",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18835
          },
          {
            "timestamp": "2026-06-28 21:56:22,292",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18836
          },
          {
            "timestamp": "2026-06-28 21:56:22,292",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 18837
          },
          {
            "timestamp": "2026-06-28 21:56:22,307",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18838
          },
          {
            "timestamp": "2026-06-28 21:56:22,307",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "260"
              },
              {
                "name": "y",
                "value": "170"
              }
            ],
            "repeated": 0,
            "id": 18839
          },
          {
            "timestamp": "2026-06-28 21:56:22,307",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18840
          },
          {
            "timestamp": "2026-06-28 21:56:22,307",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18841
          },
          {
            "timestamp": "2026-06-28 21:56:22,307",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18842
          },
          {
            "timestamp": "2026-06-28 21:56:22,307",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 18843
          },
          {
            "timestamp": "2026-06-28 21:56:22,339",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18844
          },
          {
            "timestamp": "2026-06-28 21:56:22,339",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18845
          },
          {
            "timestamp": "2026-06-28 21:56:22,339",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18846
          },
          {
            "timestamp": "2026-06-28 21:56:22,339",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 18847
          },
          {
            "timestamp": "2026-06-28 21:56:22,339",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18848
          },
          {
            "timestamp": "2026-06-28 21:56:22,339",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "248"
              },
              {
                "name": "y",
                "value": "150"
              }
            ],
            "repeated": 0,
            "id": 18849
          },
          {
            "timestamp": "2026-06-28 21:56:22,354",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18850
          },
          {
            "timestamp": "2026-06-28 21:56:22,354",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18851
          },
          {
            "timestamp": "2026-06-28 21:56:22,354",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18852
          },
          {
            "timestamp": "2026-06-28 21:56:22,354",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18853
          },
          {
            "timestamp": "2026-06-28 21:56:22,370",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18854
          },
          {
            "timestamp": "2026-06-28 21:56:22,370",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18855
          },
          {
            "timestamp": "2026-06-28 21:56:22,370",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18856
          },
          {
            "timestamp": "2026-06-28 21:56:22,370",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 18857
          },
          {
            "timestamp": "2026-06-28 21:56:22,370",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18858
          },
          {
            "timestamp": "2026-06-28 21:56:22,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "236"
              },
              {
                "name": "y",
                "value": "130"
              }
            ],
            "repeated": 0,
            "id": 18859
          },
          {
            "timestamp": "2026-06-28 21:56:22,385",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18860
          },
          {
            "timestamp": "2026-06-28 21:56:22,385",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18861
          },
          {
            "timestamp": "2026-06-28 21:56:22,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "230"
              },
              {
                "name": "y",
                "value": "120"
              }
            ],
            "repeated": 0,
            "id": 18862
          },
          {
            "timestamp": "2026-06-28 21:56:22,385",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18863
          },
          {
            "timestamp": "2026-06-28 21:56:22,385",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 18864
          },
          {
            "timestamp": "2026-06-28 21:56:22,417",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18865
          },
          {
            "timestamp": "2026-06-28 21:56:22,417",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18866
          },
          {
            "timestamp": "2026-06-28 21:56:22,417",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18867
          },
          {
            "timestamp": "2026-06-28 21:56:22,417",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 18868
          },
          {
            "timestamp": "2026-06-28 21:56:22,417",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18869
          },
          {
            "timestamp": "2026-06-28 21:56:22,417",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "225"
              },
              {
                "name": "y",
                "value": "110"
              }
            ],
            "repeated": 1,
            "id": 18870
          },
          {
            "timestamp": "2026-06-28 21:56:22,432",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18871
          },
          {
            "timestamp": "2026-06-28 21:56:22,432",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18872
          },
          {
            "timestamp": "2026-06-28 21:56:22,432",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18873
          },
          {
            "timestamp": "2026-06-28 21:56:22,432",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18874
          },
          {
            "timestamp": "2026-06-28 21:56:22,432",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18875
          },
          {
            "timestamp": "2026-06-28 21:56:22,432",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "219"
              },
              {
                "name": "y",
                "value": "100"
              }
            ],
            "repeated": 0,
            "id": 18876
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18877
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18878
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18879
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18880
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "2784",
            "caller": "0x0fc543be",
            "parentcaller": "0x0fc5434b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "LoadCursor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18881
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "2784",
            "caller": "0x0fc543be",
            "parentcaller": "0x0fc5434b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "LoadCursorW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d55180"
              }
            ],
            "repeated": 0,
            "id": 18882
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "2784",
            "caller": "0x0fc5440c",
            "parentcaller": "0x0fc54187",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetCursor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d6351c"
              }
            ],
            "repeated": 0,
            "id": 18883
          },
          {
            "timestamp": "2026-06-28 21:56:22,464",
            "thread_id": "2784",
            "caller": "0x0fc5447f",
            "parentcaller": "0x07fa1c5b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": false,
            "return": "0xffffffffc0000135",
            "pretty_return": "DLL_NOT_FOUND",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18884
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x0fc5447f",
            "parentcaller": "0x07fa1c5b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": false,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 18885
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x0fc5447f",
            "parentcaller": "0x07fa1c5b",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "comctl32.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x726e0000"
              }
            ],
            "repeated": 0,
            "id": 18886
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x0fc5447f",
            "parentcaller": "0x07fa1c5b",
            "category": "system",
            "api": "LoadLibraryExW",
            "status": true,
            "return": "0x726e0000",
            "arguments": [
              {
                "name": "lpLibFileName",
                "value": "comctl32.dll"
              },
              {
                "name": "dwFlags",
                "value": "0x00000800"
              }
            ],
            "repeated": 0,
            "id": 18887
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x0fc5447f",
            "parentcaller": "0x07fa1c5b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "comctl32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x726e0000"
              },
              {
                "name": "FunctionName",
                "value": "_TrackMouseEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x727a2e20"
              }
            ],
            "repeated": 0,
            "id": 18888
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x0fc5469c",
            "parentcaller": "0x07fa2c57",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetKeyState"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5e960"
              }
            ],
            "repeated": 0,
            "id": 18889
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x0fc55b8c",
            "parentcaller": "0x0fc55a2d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RedrawWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64750"
              }
            ],
            "repeated": 0,
            "id": 18890
          },
          {
            "timestamp": "2026-06-28 21:56:22,479",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 1,
            "id": 18891
          },
          {
            "timestamp": "2026-06-28 21:56:22,495",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18892
          },
          {
            "timestamp": "2026-06-28 21:56:22,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18893
          },
          {
            "timestamp": "2026-06-28 21:56:22,495",
            "thread_id": "2784",
            "caller": "0x0fc55ed6",
            "parentcaller": "0x0fc55e29",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThemeName"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x738ab890"
              }
            ],
            "repeated": 0,
            "id": 18894
          },
          {
            "timestamp": "2026-06-28 21:56:22,495",
            "thread_id": "2784",
            "caller": "0x0fc55ed6",
            "parentcaller": "0x0fc55e29",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": false,
            "return": "0xffffffffc0000139",
            "pretty_return": "ENTRYPOINT_NOT_FOUND",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "uxtheme.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x73880000"
              },
              {
                "name": "FunctionName",
                "value": "GetCurrentThemeNameW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18895
          },
          {
            "timestamp": "2026-06-28 21:56:22,495",
            "thread_id": "2784",
            "caller": "0x0fc561ad",
            "parentcaller": "0x0fc55ed6",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 5,
            "id": 18896
          },
          {
            "timestamp": "2026-06-28 21:56:22,510",
            "thread_id": "2784",
            "caller": "0x0fc5715f",
            "parentcaller": "0x0fc5683e",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f84e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18897
          },
          {
            "timestamp": "2026-06-28 21:56:22,510",
            "thread_id": "2784",
            "caller": "0x0fc5a4d1",
            "parentcaller": "0x0fc5a48c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipGetNearestColor"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x7353f8a0"
              }
            ],
            "repeated": 0,
            "id": 18898
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 10,
            "id": 18899
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0fc5affc",
            "parentcaller": "0x0fc5229b",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f888000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18900
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0fc5affc",
            "parentcaller": "0x0fc5229b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreateLineBrushFromRectI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734e5f60"
              }
            ],
            "repeated": 0,
            "id": 18901
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0c56b131",
            "parentcaller": "0x0c56b059",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09776000"
              },
              {
                "name": "RegionSize",
                "value": "0x00005000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18902
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0fc5b1e9",
            "parentcaller": "0x0fc5b19b",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipCreatePen1"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734ef500"
              }
            ],
            "repeated": 0,
            "id": 18903
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0fc5b399",
            "parentcaller": "0x0fc5233f",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDrawRectangleI"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734ea070"
              }
            ],
            "repeated": 0,
            "id": 18904
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0fc5b577",
            "parentcaller": "0x0fc5b47e",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "gdiplus.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x734a0000"
              },
              {
                "name": "FunctionName",
                "value": "GdipDeletePen"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x734f00c0"
              }
            ],
            "repeated": 0,
            "id": 18905
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 18906
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x0b210d0a",
            "parentcaller": "0x0fc55aa4",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "NotifyWinEvent"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d60fb0"
              }
            ],
            "repeated": 0,
            "id": 18907
          },
          {
            "timestamp": "2026-06-28 21:56:22,526",
            "thread_id": "2784",
            "caller": "0x09306757",
            "parentcaller": "0x0fc5b7f5",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000066"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 18908
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "2784",
            "caller": "0x07fa1ae7",
            "parentcaller": "0x07f3ecbf",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0f84f000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18909
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "2784",
            "caller": "0x0fc5bbf8",
            "parentcaller": "0x0fc5baf2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetTimer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d61230"
              }
            ],
            "repeated": 0,
            "id": 18910
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18911
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18912
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "2784",
            "caller": "0x0fc5c4c2",
            "parentcaller": "0x0fc5c41c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5c890"
              }
            ],
            "repeated": 0,
            "id": 18913
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "2784",
            "caller": "0x0fc5c4f3",
            "parentcaller": "0x0fc5c41c",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "KillTimer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d64440"
              }
            ],
            "repeated": 0,
            "id": 18914
          },
          {
            "timestamp": "2026-06-28 21:56:22,542",
            "thread_id": "2784",
            "caller": "0x0fc5c7a8",
            "parentcaller": "0x0fc5c6af",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DestroyWindow"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d63b40"
              }
            ],
            "repeated": 0,
            "id": 18915
          },
          {
            "timestamp": "2026-06-28 21:56:22,557",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 18916
          },
          {
            "timestamp": "2026-06-28 21:56:22,573",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18917
          },
          {
            "timestamp": "2026-06-28 21:56:22,573",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18918
          },
          {
            "timestamp": "2026-06-28 21:56:22,573",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18919
          },
          {
            "timestamp": "2026-06-28 21:56:22,573",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18920
          },
          {
            "timestamp": "2026-06-28 21:56:22,589",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18921
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msctf.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x768e0000"
              }
            ],
            "repeated": 0,
            "id": 18922
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18923
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18924
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 18925
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "SOFTWARE\\Microsoft\\CTF\\Compatibility\\AppCompatClassName"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\AppCompatClassName"
              }
            ],
            "repeated": 0,
            "id": 18926
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "1"
              },
              {
                "name": "TokenInformation",
                "value": "\\x84\\xe7\\xf3\\x00\\x00\\x00\\x00\\x00\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\x93\\x84x\\xc2/\\x8a\\x97\tv\\xbf\\xb4\\x82\\xea\\x03\\x00\\x00\\xfe\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x9b3\\x01\\x0c\\xe8\\xf3\\x00\\xd5X\\xb8u\\x90\\xb7\\xc5u\\xdeD\\xe8\\xa4\\x80\\xe8\\xf3\\x00\\x02\\x00\\x00\\x80D\\x02\t\\x00"
              }
            ],
            "repeated": 0,
            "id": 18927
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "registry",
            "api": "NtOpenKey",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000084c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000000"
              },
              {
                "name": "ObjectAttributesName",
                "value": "\\REGISTRY\\USER\\S-1-5-21-3262678163-160926255-2192883574-1002"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER"
              }
            ],
            "repeated": 0,
            "id": 18928
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000850"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000084c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\CTF\\DirectSwitchHotkeys"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys"
              }
            ],
            "repeated": 0,
            "id": 18929
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000084c"
              }
            ],
            "repeated": 0,
            "id": 18930
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "registry",
            "api": "NtEnumerateKey",
            "status": false,
            "return": "0xffffffff8000001a",
            "pretty_return": "NO_MORE_ENTRIES",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000850"
              },
              {
                "name": "Index",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 18931
          },
          {
            "timestamp": "2026-06-28 21:56:22,604",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000850"
              }
            ],
            "repeated": 0,
            "id": 18932
          },
          {
            "timestamp": "2026-06-28 21:56:22,682",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x0c56071d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 18933
          },
          {
            "timestamp": "2026-06-28 21:56:22,682",
            "thread_id": "2784",
            "caller": "0x0c560388",
            "parentcaller": "0x07fa1cd9",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetCapture"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d61620"
              }
            ],
            "repeated": 0,
            "id": 18934
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "228"
              },
              {
                "name": "y",
                "value": "99"
              }
            ],
            "repeated": 0,
            "id": 18935
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18936
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18937
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 18938
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "233"
              },
              {
                "name": "y",
                "value": "107"
              }
            ],
            "repeated": 0,
            "id": 18939
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18940
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18941
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18942
          },
          {
            "timestamp": "2026-06-28 21:56:22,729",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 18943
          },
          {
            "timestamp": "2026-06-28 21:56:22,760",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18944
          },
          {
            "timestamp": "2026-06-28 21:56:22,760",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18945
          },
          {
            "timestamp": "2026-06-28 21:56:22,760",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18946
          },
          {
            "timestamp": "2026-06-28 21:56:22,760",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 18947
          },
          {
            "timestamp": "2026-06-28 21:56:22,760",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18948
          },
          {
            "timestamp": "2026-06-28 21:56:22,760",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "266"
              },
              {
                "name": "y",
                "value": "155"
              }
            ],
            "repeated": 0,
            "id": 18949
          },
          {
            "timestamp": "2026-06-28 21:56:22,776",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18950
          },
          {
            "timestamp": "2026-06-28 21:56:22,776",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18951
          },
          {
            "timestamp": "2026-06-28 21:56:22,776",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18952
          },
          {
            "timestamp": "2026-06-28 21:56:22,776",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 18953
          },
          {
            "timestamp": "2026-06-28 21:56:22,776",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18954
          },
          {
            "timestamp": "2026-06-28 21:56:22,776",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "278"
              },
              {
                "name": "y",
                "value": "172"
              }
            ],
            "repeated": 0,
            "id": 18955
          },
          {
            "timestamp": "2026-06-28 21:56:22,792",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18956
          },
          {
            "timestamp": "2026-06-28 21:56:22,792",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18957
          },
          {
            "timestamp": "2026-06-28 21:56:22,792",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18958
          },
          {
            "timestamp": "2026-06-28 21:56:22,792",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 18959
          },
          {
            "timestamp": "2026-06-28 21:56:22,792",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18960
          },
          {
            "timestamp": "2026-06-28 21:56:22,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "296"
              },
              {
                "name": "y",
                "value": "197"
              }
            ],
            "repeated": 0,
            "id": 18961
          },
          {
            "timestamp": "2026-06-28 21:56:22,807",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18962
          },
          {
            "timestamp": "2026-06-28 21:56:22,807",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18963
          },
          {
            "timestamp": "2026-06-28 21:56:22,807",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18964
          },
          {
            "timestamp": "2026-06-28 21:56:22,807",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 18965
          },
          {
            "timestamp": "2026-06-28 21:56:22,807",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18966
          },
          {
            "timestamp": "2026-06-28 21:56:22,807",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "309"
              },
              {
                "name": "y",
                "value": "214"
              }
            ],
            "repeated": 0,
            "id": 18967
          },
          {
            "timestamp": "2026-06-28 21:56:22,823",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18968
          },
          {
            "timestamp": "2026-06-28 21:56:22,823",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18969
          },
          {
            "timestamp": "2026-06-28 21:56:22,823",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18970
          },
          {
            "timestamp": "2026-06-28 21:56:22,823",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 18971
          },
          {
            "timestamp": "2026-06-28 21:56:22,823",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18972
          },
          {
            "timestamp": "2026-06-28 21:56:22,823",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "321"
              },
              {
                "name": "y",
                "value": "232"
              }
            ],
            "repeated": 0,
            "id": 18973
          },
          {
            "timestamp": "2026-06-28 21:56:22,854",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18974
          },
          {
            "timestamp": "2026-06-28 21:56:22,854",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18975
          },
          {
            "timestamp": "2026-06-28 21:56:22,854",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18976
          },
          {
            "timestamp": "2026-06-28 21:56:22,854",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 18977
          },
          {
            "timestamp": "2026-06-28 21:56:22,854",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18978
          },
          {
            "timestamp": "2026-06-28 21:56:22,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "341"
              },
              {
                "name": "y",
                "value": "258"
              }
            ],
            "repeated": 0,
            "id": 18979
          },
          {
            "timestamp": "2026-06-28 21:56:22,870",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18980
          },
          {
            "timestamp": "2026-06-28 21:56:22,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18981
          },
          {
            "timestamp": "2026-06-28 21:56:22,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18982
          },
          {
            "timestamp": "2026-06-28 21:56:22,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "12"
              }
            ],
            "repeated": 0,
            "id": 18983
          },
          {
            "timestamp": "2026-06-28 21:56:22,870",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18984
          },
          {
            "timestamp": "2026-06-28 21:56:22,870",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "354"
              },
              {
                "name": "y",
                "value": "276"
              }
            ],
            "repeated": 0,
            "id": 18985
          },
          {
            "timestamp": "2026-06-28 21:56:22,885",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18986
          },
          {
            "timestamp": "2026-06-28 21:56:22,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18987
          },
          {
            "timestamp": "2026-06-28 21:56:22,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18988
          },
          {
            "timestamp": "2026-06-28 21:56:22,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 18989
          },
          {
            "timestamp": "2026-06-28 21:56:22,885",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18990
          },
          {
            "timestamp": "2026-06-28 21:56:22,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "368"
              },
              {
                "name": "y",
                "value": "294"
              }
            ],
            "repeated": 0,
            "id": 18991
          },
          {
            "timestamp": "2026-06-28 21:56:22,901",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18992
          },
          {
            "timestamp": "2026-06-28 21:56:22,901",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 18993
          },
          {
            "timestamp": "2026-06-28 21:56:22,901",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 18994
          },
          {
            "timestamp": "2026-06-28 21:56:22,901",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 18995
          },
          {
            "timestamp": "2026-06-28 21:56:22,901",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18996
          },
          {
            "timestamp": "2026-06-28 21:56:22,901",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "382"
              },
              {
                "name": "y",
                "value": "312"
              }
            ],
            "repeated": 0,
            "id": 18997
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 18998
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "2784",
            "caller": "0x0c56feee",
            "parentcaller": "0x0b23f0a2",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x056e2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00010000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 18999
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19000
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19001
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 19002
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19003
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0ae9e000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19004
          },
          {
            "timestamp": "2026-06-28 21:56:22,917",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "396"
              },
              {
                "name": "y",
                "value": "330"
              }
            ],
            "repeated": 0,
            "id": 19005
          },
          {
            "timestamp": "2026-06-28 21:56:22,932",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19006
          },
          {
            "timestamp": "2026-06-28 21:56:22,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19007
          },
          {
            "timestamp": "2026-06-28 21:56:22,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19008
          },
          {
            "timestamp": "2026-06-28 21:56:22,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 19009
          },
          {
            "timestamp": "2026-06-28 21:56:22,932",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19010
          },
          {
            "timestamp": "2026-06-28 21:56:22,932",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "411"
              },
              {
                "name": "y",
                "value": "347"
              }
            ],
            "repeated": 0,
            "id": 19011
          },
          {
            "timestamp": "2026-06-28 21:56:22,964",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19012
          },
          {
            "timestamp": "2026-06-28 21:56:22,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19013
          },
          {
            "timestamp": "2026-06-28 21:56:22,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19014
          },
          {
            "timestamp": "2026-06-28 21:56:22,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19015
          },
          {
            "timestamp": "2026-06-28 21:56:22,964",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19016
          },
          {
            "timestamp": "2026-06-28 21:56:22,964",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "426"
              },
              {
                "name": "y",
                "value": "365"
              }
            ],
            "repeated": 0,
            "id": 19017
          },
          {
            "timestamp": "2026-06-28 21:56:22,979",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19018
          },
          {
            "timestamp": "2026-06-28 21:56:22,979",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19019
          },
          {
            "timestamp": "2026-06-28 21:56:22,979",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19020
          },
          {
            "timestamp": "2026-06-28 21:56:22,979",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 19021
          },
          {
            "timestamp": "2026-06-28 21:56:22,979",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19022
          },
          {
            "timestamp": "2026-06-28 21:56:22,979",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "441"
              },
              {
                "name": "y",
                "value": "383"
              }
            ],
            "repeated": 0,
            "id": 19023
          },
          {
            "timestamp": "2026-06-28 21:56:22,995",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19024
          },
          {
            "timestamp": "2026-06-28 21:56:22,995",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19025
          },
          {
            "timestamp": "2026-06-28 21:56:22,995",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19026
          },
          {
            "timestamp": "2026-06-28 21:56:22,995",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 19027
          },
          {
            "timestamp": "2026-06-28 21:56:22,995",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19028
          },
          {
            "timestamp": "2026-06-28 21:56:22,995",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "456"
              },
              {
                "name": "y",
                "value": "400"
              }
            ],
            "repeated": 0,
            "id": 19029
          },
          {
            "timestamp": "2026-06-28 21:56:23,010",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19030
          },
          {
            "timestamp": "2026-06-28 21:56:23,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19031
          },
          {
            "timestamp": "2026-06-28 21:56:23,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19032
          },
          {
            "timestamp": "2026-06-28 21:56:23,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19033
          },
          {
            "timestamp": "2026-06-28 21:56:23,010",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19034
          },
          {
            "timestamp": "2026-06-28 21:56:23,010",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "472"
              },
              {
                "name": "y",
                "value": "417"
              }
            ],
            "repeated": 0,
            "id": 19035
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "480"
              },
              {
                "name": "y",
                "value": "426"
              }
            ],
            "repeated": 0,
            "id": 19036
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19037
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19038
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19039
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 19040
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19041
          },
          {
            "timestamp": "2026-06-28 21:56:23,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "488"
              },
              {
                "name": "y",
                "value": "434"
              }
            ],
            "repeated": 0,
            "id": 19042
          },
          {
            "timestamp": "2026-06-28 21:56:23,057",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19043
          },
          {
            "timestamp": "2026-06-28 21:56:23,057",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19044
          },
          {
            "timestamp": "2026-06-28 21:56:23,057",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19045
          },
          {
            "timestamp": "2026-06-28 21:56:23,057",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 19046
          },
          {
            "timestamp": "2026-06-28 21:56:23,057",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19047
          },
          {
            "timestamp": "2026-06-28 21:56:23,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "504"
              },
              {
                "name": "y",
                "value": "451"
              }
            ],
            "repeated": 0,
            "id": 19048
          },
          {
            "timestamp": "2026-06-28 21:56:23,073",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19049
          },
          {
            "timestamp": "2026-06-28 21:56:23,073",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19050
          },
          {
            "timestamp": "2026-06-28 21:56:23,073",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19051
          },
          {
            "timestamp": "2026-06-28 21:56:23,073",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 19052
          },
          {
            "timestamp": "2026-06-28 21:56:23,073",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19053
          },
          {
            "timestamp": "2026-06-28 21:56:23,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "520"
              },
              {
                "name": "y",
                "value": "467"
              }
            ],
            "repeated": 0,
            "id": 19054
          },
          {
            "timestamp": "2026-06-28 21:56:23,089",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19055
          },
          {
            "timestamp": "2026-06-28 21:56:23,089",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19056
          },
          {
            "timestamp": "2026-06-28 21:56:23,089",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19057
          },
          {
            "timestamp": "2026-06-28 21:56:23,089",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19058
          },
          {
            "timestamp": "2026-06-28 21:56:23,089",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19059
          },
          {
            "timestamp": "2026-06-28 21:56:23,089",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "537"
              },
              {
                "name": "y",
                "value": "483"
              }
            ],
            "repeated": 0,
            "id": 19060
          },
          {
            "timestamp": "2026-06-28 21:56:23,104",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19061
          },
          {
            "timestamp": "2026-06-28 21:56:23,104",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19062
          },
          {
            "timestamp": "2026-06-28 21:56:23,104",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19063
          },
          {
            "timestamp": "2026-06-28 21:56:23,104",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19064
          },
          {
            "timestamp": "2026-06-28 21:56:23,104",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19065
          },
          {
            "timestamp": "2026-06-28 21:56:23,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "545"
              },
              {
                "name": "y",
                "value": "491"
              }
            ],
            "repeated": 0,
            "id": 19066
          },
          {
            "timestamp": "2026-06-28 21:56:23,120",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19067
          },
          {
            "timestamp": "2026-06-28 21:56:23,120",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19068
          },
          {
            "timestamp": "2026-06-28 21:56:23,120",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19069
          },
          {
            "timestamp": "2026-06-28 21:56:23,120",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19070
          },
          {
            "timestamp": "2026-06-28 21:56:23,151",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19071
          },
          {
            "timestamp": "2026-06-28 21:56:23,151",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19072
          },
          {
            "timestamp": "2026-06-28 21:56:23,151",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19073
          },
          {
            "timestamp": "2026-06-28 21:56:23,151",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "7"
              }
            ],
            "repeated": 0,
            "id": 19074
          },
          {
            "timestamp": "2026-06-28 21:56:23,151",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19075
          },
          {
            "timestamp": "2026-06-28 21:56:23,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "589"
              },
              {
                "name": "y",
                "value": "529"
              }
            ],
            "repeated": 0,
            "id": 19076
          },
          {
            "timestamp": "2026-06-28 21:56:23,167",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19077
          },
          {
            "timestamp": "2026-06-28 21:56:23,167",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19078
          },
          {
            "timestamp": "2026-06-28 21:56:23,167",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19079
          },
          {
            "timestamp": "2026-06-28 21:56:23,167",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 19080
          },
          {
            "timestamp": "2026-06-28 21:56:23,167",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19081
          },
          {
            "timestamp": "2026-06-28 21:56:23,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "606"
              },
              {
                "name": "y",
                "value": "543"
              }
            ],
            "repeated": 0,
            "id": 19082
          },
          {
            "timestamp": "2026-06-28 21:56:23,182",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19083
          },
          {
            "timestamp": "2026-06-28 21:56:23,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19084
          },
          {
            "timestamp": "2026-06-28 21:56:23,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19085
          },
          {
            "timestamp": "2026-06-28 21:56:23,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19086
          },
          {
            "timestamp": "2026-06-28 21:56:23,182",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "624"
              },
              {
                "name": "y",
                "value": "557"
              }
            ],
            "repeated": 0,
            "id": 19087
          },
          {
            "timestamp": "2026-06-28 21:56:23,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19088
          },
          {
            "timestamp": "2026-06-28 21:56:23,198",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "652"
              },
              {
                "name": "y",
                "value": "577"
              }
            ],
            "repeated": 0,
            "id": 19089
          },
          {
            "timestamp": "2026-06-28 21:56:23,229",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "699"
              },
              {
                "name": "y",
                "value": "606"
              }
            ],
            "repeated": 0,
            "id": 19090
          },
          {
            "timestamp": "2026-06-28 21:56:23,260",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "718"
              },
              {
                "name": "y",
                "value": "616"
              }
            ],
            "repeated": 0,
            "id": 19091
          },
          {
            "timestamp": "2026-06-28 21:56:23,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "737"
              },
              {
                "name": "y",
                "value": "626"
              }
            ],
            "repeated": 0,
            "id": 19092
          },
          {
            "timestamp": "2026-06-28 21:56:23,292",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "777"
              },
              {
                "name": "y",
                "value": "643"
              }
            ],
            "repeated": 0,
            "id": 19093
          },
          {
            "timestamp": "2026-06-28 21:56:23,323",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "808"
              },
              {
                "name": "y",
                "value": "654"
              }
            ],
            "repeated": 1,
            "id": 19094
          },
          {
            "timestamp": "2026-06-28 21:56:31,542",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "948"
              },
              {
                "name": "y",
                "value": "710"
              }
            ],
            "repeated": 0,
            "id": 19095
          },
          {
            "timestamp": "2026-06-28 21:56:31,557",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "921"
              },
              {
                "name": "y",
                "value": "684"
              }
            ],
            "repeated": 0,
            "id": 19096
          },
          {
            "timestamp": "2026-06-28 21:56:31,589",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "894"
              },
              {
                "name": "y",
                "value": "655"
              }
            ],
            "repeated": 0,
            "id": 19097
          },
          {
            "timestamp": "2026-06-28 21:56:31,604",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "876"
              },
              {
                "name": "y",
                "value": "635"
              }
            ],
            "repeated": 0,
            "id": 19098
          },
          {
            "timestamp": "2026-06-28 21:56:31,620",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "850"
              },
              {
                "name": "y",
                "value": "602"
              }
            ],
            "repeated": 0,
            "id": 19099
          },
          {
            "timestamp": "2026-06-28 21:56:31,635",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "833"
              },
              {
                "name": "y",
                "value": "580"
              }
            ],
            "repeated": 0,
            "id": 19100
          },
          {
            "timestamp": "2026-06-28 21:56:31,651",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "816"
              },
              {
                "name": "y",
                "value": "557"
              }
            ],
            "repeated": 0,
            "id": 19101
          },
          {
            "timestamp": "2026-06-28 21:56:31,667",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "799"
              },
              {
                "name": "y",
                "value": "533"
              }
            ],
            "repeated": 0,
            "id": 19102
          },
          {
            "timestamp": "2026-06-28 21:56:31,682",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "791"
              },
              {
                "name": "y",
                "value": "521"
              }
            ],
            "repeated": 0,
            "id": 19103
          },
          {
            "timestamp": "2026-06-28 21:56:31,714",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "767"
              },
              {
                "name": "y",
                "value": "484"
              }
            ],
            "repeated": 0,
            "id": 19104
          },
          {
            "timestamp": "2026-06-28 21:56:31,729",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "751"
              },
              {
                "name": "y",
                "value": "459"
              }
            ],
            "repeated": 0,
            "id": 19105
          },
          {
            "timestamp": "2026-06-28 21:56:31,745",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "735"
              },
              {
                "name": "y",
                "value": "434"
              }
            ],
            "repeated": 0,
            "id": 19106
          },
          {
            "timestamp": "2026-06-28 21:56:31,776",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "720"
              },
              {
                "name": "y",
                "value": "409"
              }
            ],
            "repeated": 0,
            "id": 19107
          },
          {
            "timestamp": "2026-06-28 21:56:31,807",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "706"
              },
              {
                "name": "y",
                "value": "383"
              }
            ],
            "repeated": 0,
            "id": 19108
          },
          {
            "timestamp": "2026-06-28 21:56:31,839",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "677"
              },
              {
                "name": "y",
                "value": "333"
              }
            ],
            "repeated": 0,
            "id": 19109
          },
          {
            "timestamp": "2026-06-28 21:56:31,854",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "664"
              },
              {
                "name": "y",
                "value": "308"
              }
            ],
            "repeated": 0,
            "id": 19110
          },
          {
            "timestamp": "2026-06-28 21:56:31,870",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "650"
              },
              {
                "name": "y",
                "value": "283"
              }
            ],
            "repeated": 0,
            "id": 19111
          },
          {
            "timestamp": "2026-06-28 21:56:31,885",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "638"
              },
              {
                "name": "y",
                "value": "259"
              }
            ],
            "repeated": 0,
            "id": 19112
          },
          {
            "timestamp": "2026-06-28 21:56:31,901",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "625"
              },
              {
                "name": "y",
                "value": "235"
              }
            ],
            "repeated": 0,
            "id": 19113
          },
          {
            "timestamp": "2026-06-28 21:56:31,932",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19114
          },
          {
            "timestamp": "2026-06-28 21:56:31,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19115
          },
          {
            "timestamp": "2026-06-28 21:56:31,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19116
          },
          {
            "timestamp": "2026-06-28 21:56:31,932",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "597"
              },
              {
                "name": "y",
                "value": "177"
              }
            ],
            "repeated": 0,
            "id": 19117
          },
          {
            "timestamp": "2026-06-28 21:56:31,948",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19118
          },
          {
            "timestamp": "2026-06-28 21:56:31,948",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19119
          },
          {
            "timestamp": "2026-06-28 21:56:31,948",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19120
          },
          {
            "timestamp": "2026-06-28 21:56:31,948",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 19121
          },
          {
            "timestamp": "2026-06-28 21:56:31,948",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19122
          },
          {
            "timestamp": "2026-06-28 21:56:31,948",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "586"
              },
              {
                "name": "y",
                "value": "156"
              }
            ],
            "repeated": 0,
            "id": 19123
          },
          {
            "timestamp": "2026-06-28 21:56:31,964",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19124
          },
          {
            "timestamp": "2026-06-28 21:56:31,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19125
          },
          {
            "timestamp": "2026-06-28 21:56:31,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19126
          },
          {
            "timestamp": "2026-06-28 21:56:31,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19127
          },
          {
            "timestamp": "2026-06-28 21:56:31,979",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19128
          },
          {
            "timestamp": "2026-06-28 21:56:31,979",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "571"
              },
              {
                "name": "y",
                "value": "125"
              }
            ],
            "repeated": 0,
            "id": 19129
          },
          {
            "timestamp": "2026-06-28 21:56:31,995",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19130
          },
          {
            "timestamp": "2026-06-28 21:56:31,995",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19131
          },
          {
            "timestamp": "2026-06-28 21:56:31,995",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19132
          },
          {
            "timestamp": "2026-06-28 21:56:31,995",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 19133
          },
          {
            "timestamp": "2026-06-28 21:56:31,995",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19134
          },
          {
            "timestamp": "2026-06-28 21:56:31,995",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "558"
              },
              {
                "name": "y",
                "value": "96"
              }
            ],
            "repeated": 0,
            "id": 19135
          },
          {
            "timestamp": "2026-06-28 21:56:32,010",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19136
          },
          {
            "timestamp": "2026-06-28 21:56:32,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19137
          },
          {
            "timestamp": "2026-06-28 21:56:32,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19138
          },
          {
            "timestamp": "2026-06-28 21:56:32,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "12"
              }
            ],
            "repeated": 0,
            "id": 19139
          },
          {
            "timestamp": "2026-06-28 21:56:32,026",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19140
          },
          {
            "timestamp": "2026-06-28 21:56:32,026",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19141
          },
          {
            "timestamp": "2026-06-28 21:56:32,026",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19142
          },
          {
            "timestamp": "2026-06-28 21:56:32,026",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 19143
          },
          {
            "timestamp": "2026-06-28 21:56:32,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00000113"
              }
            ],
            "repeated": 0,
            "id": 19144
          },
          {
            "timestamp": "2026-06-28 21:56:32,042",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19145
          },
          {
            "timestamp": "2026-06-28 21:56:32,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19146
          },
          {
            "timestamp": "2026-06-28 21:56:32,104",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00090244"
              },
              {
                "name": "Message",
                "value": "0x00000491"
              }
            ],
            "repeated": 0,
            "id": 19147
          },
          {
            "timestamp": "2026-06-28 21:56:32,104",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "512"
              },
              {
                "name": "y",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 19148
          },
          {
            "timestamp": "2026-06-28 21:56:32,104",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19149
          },
          {
            "timestamp": "2026-06-28 21:56:32,104",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 19150
          },
          {
            "timestamp": "2026-06-28 21:56:32,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "512"
              },
              {
                "name": "y",
                "value": "0"
              }
            ],
            "repeated": 1,
            "id": 19151
          },
          {
            "timestamp": "2026-06-28 21:56:32,245",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "467"
              },
              {
                "name": "y",
                "value": "29"
              }
            ],
            "repeated": 0,
            "id": 19152
          },
          {
            "timestamp": "2026-06-28 21:56:32,479",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19153
          },
          {
            "timestamp": "2026-06-28 21:56:32,479",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19154
          },
          {
            "timestamp": "2026-06-28 21:56:32,479",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19155
          },
          {
            "timestamp": "2026-06-28 21:56:32,479",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "336"
              },
              {
                "name": "y",
                "value": "99"
              }
            ],
            "repeated": 0,
            "id": 19156
          },
          {
            "timestamp": "2026-06-28 21:56:32,495",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19157
          },
          {
            "timestamp": "2026-06-28 21:56:32,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19158
          },
          {
            "timestamp": "2026-06-28 21:56:32,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19159
          },
          {
            "timestamp": "2026-06-28 21:56:32,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19160
          },
          {
            "timestamp": "2026-06-28 21:56:32,510",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19161
          },
          {
            "timestamp": "2026-06-28 21:56:32,510",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19162
          },
          {
            "timestamp": "2026-06-28 21:56:32,510",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19163
          },
          {
            "timestamp": "2026-06-28 21:56:32,510",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19164
          },
          {
            "timestamp": "2026-06-28 21:56:32,526",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19165
          },
          {
            "timestamp": "2026-06-28 21:56:32,792",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "336"
              },
              {
                "name": "y",
                "value": "99"
              }
            ],
            "repeated": 2,
            "id": 19166
          },
          {
            "timestamp": "2026-06-28 21:56:33,745",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "512"
              },
              {
                "name": "y",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19167
          },
          {
            "timestamp": "2026-06-28 21:56:33,854",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19168
          },
          {
            "timestamp": "2026-06-28 21:56:33,854",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19169
          },
          {
            "timestamp": "2026-06-28 21:56:33,854",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19170
          },
          {
            "timestamp": "2026-06-28 21:56:33,854",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "419"
              },
              {
                "name": "y",
                "value": "126"
              }
            ],
            "repeated": 0,
            "id": 19171
          },
          {
            "timestamp": "2026-06-28 21:56:33,870",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19172
          },
          {
            "timestamp": "2026-06-28 21:56:33,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19173
          },
          {
            "timestamp": "2026-06-28 21:56:33,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19174
          },
          {
            "timestamp": "2026-06-28 21:56:33,870",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19175
          },
          {
            "timestamp": "2026-06-28 21:56:33,885",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19176
          },
          {
            "timestamp": "2026-06-28 21:56:33,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19177
          },
          {
            "timestamp": "2026-06-28 21:56:33,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19178
          },
          {
            "timestamp": "2026-06-28 21:56:33,885",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 19179
          },
          {
            "timestamp": "2026-06-28 21:56:33,885",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19180
          },
          {
            "timestamp": "2026-06-28 21:56:33,885",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "381"
              },
              {
                "name": "y",
                "value": "165"
              }
            ],
            "repeated": 0,
            "id": 19181
          },
          {
            "timestamp": "2026-06-28 21:56:33,901",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19182
          },
          {
            "timestamp": "2026-06-28 21:56:33,901",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19183
          },
          {
            "timestamp": "2026-06-28 21:56:33,901",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19184
          },
          {
            "timestamp": "2026-06-28 21:56:33,901",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19185
          },
          {
            "timestamp": "2026-06-28 21:56:33,917",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19186
          },
          {
            "timestamp": "2026-06-28 21:56:33,917",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "363"
              },
              {
                "name": "y",
                "value": "184"
              }
            ],
            "repeated": 0,
            "id": 19187
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19188
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19189
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19190
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "10"
              }
            ],
            "repeated": 0,
            "id": 19191
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19192
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aea0000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19193
          },
          {
            "timestamp": "2026-06-28 21:56:33,932",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "346"
              },
              {
                "name": "y",
                "value": "202"
              }
            ],
            "repeated": 0,
            "id": 19194
          },
          {
            "timestamp": "2026-06-28 21:56:33,948",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19195
          },
          {
            "timestamp": "2026-06-28 21:56:33,948",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19196
          },
          {
            "timestamp": "2026-06-28 21:56:33,948",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19197
          },
          {
            "timestamp": "2026-06-28 21:56:33,948",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 19198
          },
          {
            "timestamp": "2026-06-28 21:56:33,948",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19199
          },
          {
            "timestamp": "2026-06-28 21:56:33,948",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "329"
              },
              {
                "name": "y",
                "value": "220"
              }
            ],
            "repeated": 0,
            "id": 19200
          },
          {
            "timestamp": "2026-06-28 21:56:33,964",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19201
          },
          {
            "timestamp": "2026-06-28 21:56:33,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19202
          },
          {
            "timestamp": "2026-06-28 21:56:33,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19203
          },
          {
            "timestamp": "2026-06-28 21:56:33,964",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 19204
          },
          {
            "timestamp": "2026-06-28 21:56:33,964",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19205
          },
          {
            "timestamp": "2026-06-28 21:56:33,964",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "314"
              },
              {
                "name": "y",
                "value": "239"
              }
            ],
            "repeated": 0,
            "id": 19206
          },
          {
            "timestamp": "2026-06-28 21:56:33,979",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19207
          },
          {
            "timestamp": "2026-06-28 21:56:33,979",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19208
          },
          {
            "timestamp": "2026-06-28 21:56:33,979",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19209
          },
          {
            "timestamp": "2026-06-28 21:56:33,979",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "3"
              }
            ],
            "repeated": 0,
            "id": 19210
          },
          {
            "timestamp": "2026-06-28 21:56:33,979",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19211
          },
          {
            "timestamp": "2026-06-28 21:56:33,979",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "314"
              },
              {
                "name": "y",
                "value": "239"
              }
            ],
            "repeated": 0,
            "id": 19212
          },
          {
            "timestamp": "2026-06-28 21:56:34,010",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19213
          },
          {
            "timestamp": "2026-06-28 21:56:34,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19214
          },
          {
            "timestamp": "2026-06-28 21:56:34,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19215
          },
          {
            "timestamp": "2026-06-28 21:56:34,010",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19216
          },
          {
            "timestamp": "2026-06-28 21:56:34,010",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19217
          },
          {
            "timestamp": "2026-06-28 21:56:34,010",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "300"
              },
              {
                "name": "y",
                "value": "257"
              }
            ],
            "repeated": 0,
            "id": 19218
          },
          {
            "timestamp": "2026-06-28 21:56:34,026",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19219
          },
          {
            "timestamp": "2026-06-28 21:56:34,026",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19220
          },
          {
            "timestamp": "2026-06-28 21:56:34,026",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19221
          },
          {
            "timestamp": "2026-06-28 21:56:34,026",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 19222
          },
          {
            "timestamp": "2026-06-28 21:56:34,026",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19223
          },
          {
            "timestamp": "2026-06-28 21:56:34,026",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "283"
              },
              {
                "name": "y",
                "value": "287"
              }
            ],
            "repeated": 0,
            "id": 19224
          },
          {
            "timestamp": "2026-06-28 21:56:34,042",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19225
          },
          {
            "timestamp": "2026-06-28 21:56:34,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19226
          },
          {
            "timestamp": "2026-06-28 21:56:34,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19227
          },
          {
            "timestamp": "2026-06-28 21:56:34,042",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "6"
              }
            ],
            "repeated": 0,
            "id": 19228
          },
          {
            "timestamp": "2026-06-28 21:56:34,042",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19229
          },
          {
            "timestamp": "2026-06-28 21:56:34,042",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "270"
              },
              {
                "name": "y",
                "value": "319"
              }
            ],
            "repeated": 0,
            "id": 19230
          },
          {
            "timestamp": "2026-06-28 21:56:34,057",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19231
          },
          {
            "timestamp": "2026-06-28 21:56:34,057",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19232
          },
          {
            "timestamp": "2026-06-28 21:56:34,057",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19233
          },
          {
            "timestamp": "2026-06-28 21:56:34,057",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "5"
              }
            ],
            "repeated": 0,
            "id": 19234
          },
          {
            "timestamp": "2026-06-28 21:56:34,057",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19235
          },
          {
            "timestamp": "2026-06-28 21:56:34,057",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "262"
              },
              {
                "name": "y",
                "value": "355"
              }
            ],
            "repeated": 0,
            "id": 19236
          },
          {
            "timestamp": "2026-06-28 21:56:34,073",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19237
          },
          {
            "timestamp": "2026-06-28 21:56:34,073",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19238
          },
          {
            "timestamp": "2026-06-28 21:56:34,073",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19239
          },
          {
            "timestamp": "2026-06-28 21:56:34,073",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19240
          },
          {
            "timestamp": "2026-06-28 21:56:34,073",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19241
          },
          {
            "timestamp": "2026-06-28 21:56:34,073",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "262"
              },
              {
                "name": "y",
                "value": "355"
              }
            ],
            "repeated": 0,
            "id": 19242
          },
          {
            "timestamp": "2026-06-28 21:56:34,089",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19243
          },
          {
            "timestamp": "2026-06-28 21:56:34,089",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19244
          },
          {
            "timestamp": "2026-06-28 21:56:34,089",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19245
          },
          {
            "timestamp": "2026-06-28 21:56:34,089",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19246
          },
          {
            "timestamp": "2026-06-28 21:56:34,104",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19247
          },
          {
            "timestamp": "2026-06-28 21:56:34,104",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19248
          },
          {
            "timestamp": "2026-06-28 21:56:34,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "262"
              },
              {
                "name": "y",
                "value": "355"
              }
            ],
            "repeated": 2,
            "id": 19249
          },
          {
            "timestamp": "2026-06-28 21:56:35,104",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "263"
              },
              {
                "name": "y",
                "value": "303"
              }
            ],
            "repeated": 0,
            "id": 19250
          },
          {
            "timestamp": "2026-06-28 21:56:35,120",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19251
          },
          {
            "timestamp": "2026-06-28 21:56:35,120",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19252
          },
          {
            "timestamp": "2026-06-28 21:56:35,120",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19253
          },
          {
            "timestamp": "2026-06-28 21:56:35,120",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "264"
              },
              {
                "name": "y",
                "value": "296"
              }
            ],
            "repeated": 0,
            "id": 19254
          },
          {
            "timestamp": "2026-06-28 21:56:35,120",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19255
          },
          {
            "timestamp": "2026-06-28 21:56:35,120",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19256
          },
          {
            "timestamp": "2026-06-28 21:56:35,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19257
          },
          {
            "timestamp": "2026-06-28 21:56:35,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 19258
          },
          {
            "timestamp": "2026-06-28 21:56:35,135",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19259
          },
          {
            "timestamp": "2026-06-28 21:56:35,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19260
          },
          {
            "timestamp": "2026-06-28 21:56:35,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19261
          },
          {
            "timestamp": "2026-06-28 21:56:35,135",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19262
          },
          {
            "timestamp": "2026-06-28 21:56:35,151",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19263
          },
          {
            "timestamp": "2026-06-28 21:56:35,151",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "273"
              },
              {
                "name": "y",
                "value": "269"
              }
            ],
            "repeated": 0,
            "id": 19264
          },
          {
            "timestamp": "2026-06-28 21:56:35,151",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19265
          },
          {
            "timestamp": "2026-06-28 21:56:35,151",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19266
          },
          {
            "timestamp": "2026-06-28 21:56:35,151",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19267
          },
          {
            "timestamp": "2026-06-28 21:56:35,151",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19268
          },
          {
            "timestamp": "2026-06-28 21:56:35,167",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19269
          },
          {
            "timestamp": "2026-06-28 21:56:35,167",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "278"
              },
              {
                "name": "y",
                "value": "256"
              }
            ],
            "repeated": 0,
            "id": 19270
          },
          {
            "timestamp": "2026-06-28 21:56:35,182",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19271
          },
          {
            "timestamp": "2026-06-28 21:56:35,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19272
          },
          {
            "timestamp": "2026-06-28 21:56:35,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19273
          },
          {
            "timestamp": "2026-06-28 21:56:35,182",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19274
          },
          {
            "timestamp": "2026-06-28 21:56:35,182",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19275
          },
          {
            "timestamp": "2026-06-28 21:56:35,182",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "284"
              },
              {
                "name": "y",
                "value": "244"
              }
            ],
            "repeated": 0,
            "id": 19276
          },
          {
            "timestamp": "2026-06-28 21:56:35,198",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19277
          },
          {
            "timestamp": "2026-06-28 21:56:35,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19278
          },
          {
            "timestamp": "2026-06-28 21:56:35,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19279
          },
          {
            "timestamp": "2026-06-28 21:56:35,198",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19280
          },
          {
            "timestamp": "2026-06-28 21:56:35,198",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19281
          },
          {
            "timestamp": "2026-06-28 21:56:35,198",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "290"
              },
              {
                "name": "y",
                "value": "231"
              }
            ],
            "repeated": 0,
            "id": 19282
          },
          {
            "timestamp": "2026-06-28 21:56:35,214",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19283
          },
          {
            "timestamp": "2026-06-28 21:56:35,214",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19284
          },
          {
            "timestamp": "2026-06-28 21:56:35,214",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19285
          },
          {
            "timestamp": "2026-06-28 21:56:35,214",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 19286
          },
          {
            "timestamp": "2026-06-28 21:56:35,214",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19287
          },
          {
            "timestamp": "2026-06-28 21:56:35,214",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "296"
              },
              {
                "name": "y",
                "value": "219"
              }
            ],
            "repeated": 0,
            "id": 19288
          },
          {
            "timestamp": "2026-06-28 21:56:35,229",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19289
          },
          {
            "timestamp": "2026-06-28 21:56:35,229",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19290
          },
          {
            "timestamp": "2026-06-28 21:56:35,229",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19291
          },
          {
            "timestamp": "2026-06-28 21:56:35,229",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 19292
          },
          {
            "timestamp": "2026-06-28 21:56:35,229",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19293
          },
          {
            "timestamp": "2026-06-28 21:56:35,229",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "302"
              },
              {
                "name": "y",
                "value": "206"
              }
            ],
            "repeated": 0,
            "id": 19294
          },
          {
            "timestamp": "2026-06-28 21:56:35,245",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19295
          },
          {
            "timestamp": "2026-06-28 21:56:35,245",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19296
          },
          {
            "timestamp": "2026-06-28 21:56:35,245",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19297
          },
          {
            "timestamp": "2026-06-28 21:56:35,245",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 19298
          },
          {
            "timestamp": "2026-06-28 21:56:35,245",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19299
          },
          {
            "timestamp": "2026-06-28 21:56:35,245",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "310"
              },
              {
                "name": "y",
                "value": "185"
              }
            ],
            "repeated": 0,
            "id": 19300
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19301
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19302
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19303
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19304
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19305
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19306
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19307
          },
          {
            "timestamp": "2026-06-28 21:56:35,260",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "315"
              },
              {
                "name": "y",
                "value": "162"
              }
            ],
            "repeated": 0,
            "id": 19308
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x09382810",
            "parentcaller": "0x07fa2da2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetDlgItem"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5b840"
              }
            ],
            "repeated": 0,
            "id": 19309
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0fc5dba9",
            "parentcaller": "0x0fc5dae6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsWindowVisible"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57ce0"
              }
            ],
            "repeated": 0,
            "id": 19310
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0fc5dbbe",
            "parentcaller": "0x0fc5dae6",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsWindowEnabled"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57170"
              }
            ],
            "repeated": 0,
            "id": 19311
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 19312
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "C:\\Windows\\system32\\Msimtf.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70360000"
              }
            ],
            "repeated": 0,
            "id": 19313
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrLoadDll",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Flags",
                "value": "0x00000000"
              },
              {
                "name": "FileName",
                "value": "C:\\Windows\\System32\\msimtf.dll"
              },
              {
                "name": "BaseAddress",
                "value": "0x70360000"
              }
            ],
            "repeated": 0,
            "id": 19314
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "msimtf.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x70360000"
              },
              {
                "name": "FunctionName",
                "value": "MsimtfIsWindowFiltered"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x70363b60"
              }
            ],
            "repeated": 0,
            "id": 19315
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c568544",
            "parentcaller": "0x0c568411",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 19316
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19317
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x10720000"
              },
              {
                "name": "RegionSize",
                "value": "0x00800000"
              },
              {
                "name": "Protection",
                "value": "0x00000001",
                "pretty_value": "PAGE_NOACCESS"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19318
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetSystemInfo",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19319
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "NtQuerySystemInformation",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SystemInformationClass",
                "value": "58"
              }
            ],
            "repeated": 0,
            "id": 19320
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x0000083c"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19321
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e1b000"
              },
              {
                "name": "RegionSize",
                "value": "0x00003000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19322
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x09e20000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19323
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19324
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000874"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19325
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              }
            ],
            "repeated": 0,
            "id": 19326
          },
          {
            "timestamp": "2026-06-28 21:56:35,276",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19327
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "IsGUIThread"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62b70"
              }
            ],
            "repeated": 0,
            "id": 19328
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19329
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 19330
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 19331
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 19332
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 19333
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 19334
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 19335
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 19336
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000087c"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19337
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000087c"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19338
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19339
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000880"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19340
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000880"
              }
            ],
            "repeated": 0,
            "id": 19341
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000087c"
              }
            ],
            "repeated": 1,
            "id": 19342
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19343
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "RegisterClassExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d50880"
              }
            ],
            "repeated": 0,
            "id": 19344
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19345
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19346
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "CreateWindowExW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d51ac0"
              }
            ],
            "repeated": 0,
            "id": 19347
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19348
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19349
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DefWindowProcW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f87d50"
              }
            ],
            "repeated": 0,
            "id": 19350
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19351
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19352
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57cc0"
              }
            ],
            "repeated": 0,
            "id": 19353
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19354
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19355
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SetTimer"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d61230"
              }
            ],
            "repeated": 0,
            "id": 19356
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19357
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19358
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19359
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19360
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2612"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62ee0"
              }
            ],
            "repeated": 0,
            "id": 19361
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19362
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19363
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowLongW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5adb0"
              }
            ],
            "repeated": 0,
            "id": 19364
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19365
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19366
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetWindowThreadProcessId"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d5cef0"
              }
            ],
            "repeated": 0,
            "id": 19367
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19368
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19369
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "SendMessageCallbackW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62670"
              }
            ],
            "repeated": 0,
            "id": 19370
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19371
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtDuplicateObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "SourceProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "SourceHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "TargetProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "TargetHandle",
                "value": "0x00000888"
              },
              {
                "name": "Options",
                "value": "0x00000002"
              }
            ],
            "repeated": 0,
            "id": 19372
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19373
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "combase.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75760000"
              },
              {
                "name": "FunctionName",
                "value": "CoCreateGuid"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75819180"
              }
            ],
            "repeated": 0,
            "id": 19374
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19375
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtQueryInformationToken",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "TokenInformationClass",
                "value": "29"
              },
              {
                "name": "TokenInformation",
                "value": "\\x00\\x00\\x00\\x00"
              }
            ],
            "repeated": 0,
            "id": 19376
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x10720000"
              },
              {
                "name": "RegionSize",
                "value": "0x00001000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19377
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19378
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2582"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62960"
              }
            ],
            "repeated": 0,
            "id": 19379
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19380
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19381
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "srand",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "seed",
                "value": "0x6a424f15"
              }
            ],
            "repeated": 0,
            "id": 19382
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19383
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              }
            ],
            "repeated": 0,
            "id": 19384
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlRegisterFeatureConfigurationChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f32430"
              }
            ],
            "repeated": 0,
            "id": 19385
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "NtQueryWnfStateData"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f74000"
              }
            ],
            "repeated": 0,
            "id": 19386
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlSubscribeWnfStateChangeNotification"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f306b0"
              }
            ],
            "repeated": 0,
            "id": 19387
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDisownModuleHeapAllocation"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f6c1e0"
              }
            ],
            "repeated": 0,
            "id": 19388
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlQueryFeatureConfiguration"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f65220"
              }
            ],
            "repeated": 0,
            "id": 19389
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "ntdll.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x76f00000"
              },
              {
                "name": "FunctionName",
                "value": "RtlDllShutdownInProgress"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x76f5f4e0"
              }
            ],
            "repeated": 0,
            "id": 19390
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtCreateMutant",
            "status": true,
            "return": "0x40000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000894"
              },
              {
                "name": "MutexName",
                "value": "Local\\SM0:4500:168:WilStaging_02"
              },
              {
                "name": "InitialOwner",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19391
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000894"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19392
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19393
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000898"
              },
              {
                "name": "Milliseconds",
                "value": "0"
              }
            ],
            "repeated": 0,
            "id": 19394
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000898"
              }
            ],
            "repeated": 0,
            "id": 19395
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtReleaseMutant",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000894"
              }
            ],
            "repeated": 1,
            "id": 19396
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19397
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
              }
            ],
            "repeated": 0,
            "id": 19398
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "ValueName",
                "value": "IsVailContainer"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer"
              }
            ],
            "repeated": 0,
            "id": 19399
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000898"
              }
            ],
            "repeated": 0,
            "id": 19400
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19401
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Input"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Input"
              }
            ],
            "repeated": 0,
            "id": 19402
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "ValueName",
                "value": "ResyncResetTime"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime"
              }
            ],
            "repeated": 0,
            "id": 19403
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "ValueName",
                "value": "MaxResyncAttempts"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts"
              }
            ],
            "repeated": 0,
            "id": 19404
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000898"
              }
            ],
            "repeated": 0,
            "id": 19405
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19406
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19407
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19408
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19409
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19410
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19411
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19412
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x7084e000"
              },
              {
                "name": "ModuleName",
                "value": "textinputframework.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19413
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19414
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19415
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "system",
            "api": "LdrGetDllHandle",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "FileName",
                "value": "iertutil.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x72a30000"
              }
            ],
            "repeated": 0,
            "id": 19416
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19417
          },
          {
            "timestamp": "2026-06-28 21:56:35,292",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x769a7000"
              },
              {
                "name": "ModuleName",
                "value": "MSCTF.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19418
          },
          {
            "timestamp": "2026-06-28 21:56:35,307",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 19419
          },
          {
            "timestamp": "2026-06-28 21:56:35,307",
            "thread_id": "2784",
            "caller": "0x0c5682ac",
            "parentcaller": "0x0c56642d",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 0,
            "id": 19420
          },
          {
            "timestamp": "2026-06-28 21:56:35,307",
            "thread_id": "2784",
            "caller": "0x0fc5dafa",
            "parentcaller": "0x0938169a",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 19421
          },
          {
            "timestamp": "2026-06-28 21:56:35,307",
            "thread_id": "2784",
            "caller": "0x0fc5dafa",
            "parentcaller": "0x0938169a",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 2,
            "id": 19422
          },
          {
            "timestamp": "2026-06-28 21:56:35,307",
            "thread_id": "2784",
            "caller": "0x0fc5dafa",
            "parentcaller": "0x0938169a",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 1,
            "id": 19423
          },
          {
            "timestamp": "2026-06-28 21:56:35,323",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetKeyboardLayout",
            "status": true,
            "return": "0x04090409",
            "arguments": [
              {
                "name": "KeyboardLayout",
                "value": "0x00000409"
              },
              {
                "name": "LanguageName",
                "value": "English (United States)"
              }
            ],
            "repeated": 1,
            "id": 19424
          },
          {
            "timestamp": "2026-06-28 21:56:35,323",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "319"
              },
              {
                "name": "y",
                "value": "136"
              }
            ],
            "repeated": 1,
            "id": 19425
          },
          {
            "timestamp": "2026-06-28 21:56:35,323",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00000001",
                "pretty_value": "KEY_QUERY_VALUE"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000005f8"
              },
              {
                "name": "ObjectAttributesName",
                "value": "FEATURE_BINARY_CALLER_SERVICE_PROVIDER"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BINARY_CALLER_SERVICE_PROVIDER"
              }
            ],
            "repeated": 0,
            "id": 19426
          },
          {
            "timestamp": "2026-06-28 21:56:35,339",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "319"
              },
              {
                "name": "y",
                "value": "136"
              }
            ],
            "repeated": 0,
            "id": 19427
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 19428
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 19429
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 19430
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 19431
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000089c"
              }
            ],
            "repeated": 0,
            "id": 19432
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 19433
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 19434
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x0000089c"
              }
            ],
            "repeated": 0,
            "id": 19435
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\\x0c\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 19436
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 19437
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19438
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Internet Explorer"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer"
              }
            ],
            "repeated": 0,
            "id": 19439
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 19440
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19441
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a0"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 19442
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a0"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19443
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19444
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a4"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000250"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 19445
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a4"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19446
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007f8"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19447
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "RtlSetCurrentTransaction",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "TransactionHandle",
                "value": "0x00000000"
              }
            ],
            "repeated": 1,
            "id": 19448
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x000003f0"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
              }
            ],
            "repeated": 0,
            "id": 19449
          },
          {
            "timestamp": "2026-06-28 21:56:35,354",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19450
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x093030a5",
            "parentcaller": "0x09302f80",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00000042"
              },
              {
                "name": "uiParam",
                "value": "0x0000000c"
              }
            ],
            "repeated": 0,
            "id": 19451
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000000"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000644"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 19452
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x0000064c"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 19453
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a8"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 19454
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008a8"
              }
            ],
            "repeated": 0,
            "id": 19455
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtOpenKeyEx",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a8"
              },
              {
                "name": "DesiredAccess",
                "value": "0x00020019",
                "pretty_value": "KEY_READ"
              },
              {
                "name": "ObjectAttributesHandle",
                "value": "0x00000650"
              },
              {
                "name": "ObjectAttributesName",
                "value": "Microsoft\\Internet Explorer\\Security"
              },
              {
                "name": "ObjectAttributes",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security"
              }
            ],
            "repeated": 0,
            "id": 19456
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a8"
              },
              {
                "name": "ValueName",
                "value": "DisableSecuritySettingsCheck"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck"
              }
            ],
            "repeated": 0,
            "id": 19457
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "system",
            "api": "NtClose",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000008a8"
              }
            ],
            "repeated": 0,
            "id": 19458
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "threading",
            "api": "NtQueryInformationThread",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ThreadHandle",
                "value": "0xfffffffe"
              },
              {
                "name": "ThreadInformationClass",
                "value": "0",
                "pretty_value": "ThreadBasicInformation"
              },
              {
                "name": "ThreadInformation",
                "value": "\\x03\\x01\\x00\\x00\\x00\\xd0\\xd8\\x00\\x94\\x11\\x00\\x00\\xe0\n\\x00\\x00\\x03\\x00\\x00\\x00\\x0b\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
              },
              {
                "name": "ThreadId",
                "value": "2784"
              }
            ],
            "repeated": 0,
            "id": 19459
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000660"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 19460
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x0000089c"
              },
              {
                "name": "ValueName",
                "value": "No3DBorder"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder"
              }
            ],
            "repeated": 0,
            "id": 19461
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a0"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19462
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000008a4"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19463
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x000007f8"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19464
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "registry",
            "api": "NtQueryValueKey",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "KeyHandle",
                "value": "0x00000898"
              },
              {
                "name": "ValueName",
                "value": "UrlEncoding"
              },
              {
                "name": "FullName",
                "value": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding"
              }
            ],
            "repeated": 0,
            "id": 19465
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aea2000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19466
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19467
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19468
          },
          {
            "timestamp": "2026-06-28 21:56:35,370",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "339"
              },
              {
                "name": "y",
                "value": "154"
              }
            ],
            "repeated": 2,
            "id": 19469
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "SystemParametersInfoW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "Action",
                "value": "0x00002006"
              },
              {
                "name": "uiParam",
                "value": "0x00000000"
              }
            ],
            "repeated": 0,
            "id": 19470
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19471
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2541"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d640a0"
              }
            ],
            "repeated": 0,
            "id": 19472
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19473
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19474
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "PostMessageW"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d57d30"
              }
            ],
            "repeated": 0,
            "id": 19475
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19476
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030498"
              },
              {
                "name": "Message",
                "value": "0x00000060"
              }
            ],
            "repeated": 0,
            "id": 19477
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19478
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "351"
              },
              {
                "name": "y",
                "value": "165"
              }
            ],
            "repeated": 0,
            "id": 19479
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "synchronization",
            "api": "NtOpenEvent",
            "status": false,
            "return": "0xffffffffc0000034",
            "pretty_return": "OBJECT_NAME_NOT_FOUND",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x00000000"
              },
              {
                "name": "EventName",
                "value": "Local\\2ImmersiveFocusTrackingActiveEvent"
              }
            ],
            "repeated": 0,
            "id": 19480
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19481
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "357"
              },
              {
                "name": "y",
                "value": "171"
              }
            ],
            "repeated": 0,
            "id": 19482
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aea4000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19483
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19484
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "363"
              },
              {
                "name": "y",
                "value": "176"
              }
            ],
            "repeated": 0,
            "id": 19485
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19486
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": ""
              },
              {
                "name": "Ordinal",
                "value": "2613"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d62850"
              }
            ],
            "repeated": 0,
            "id": 19487
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "process",
            "api": "NtProtectVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x70504000"
              },
              {
                "name": "ModuleName",
                "value": "CoreMessaging.dll"
              },
              {
                "name": "NumberOfBytesProtected",
                "value": "0x00001000"
              },
              {
                "name": "MemoryType",
                "value": "0x00000000"
              },
              {
                "name": "NewAccessProtection",
                "value": "0x00000002",
                "pretty_value": "PAGE_READONLY"
              },
              {
                "name": "OldAccessProtection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19488
          },
          {
            "timestamp": "2026-06-28 21:56:35,385",
            "thread_id": "2784",
            "caller": "0x0c56d8a2",
            "parentcaller": "0x0c56d452",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00030498"
              },
              {
                "name": "Message",
                "value": "0x00000060"
              }
            ],
            "repeated": 0,
            "id": 19489
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19490
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19491
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "369"
              },
              {
                "name": "y",
                "value": "182"
              }
            ],
            "repeated": 0,
            "id": 19492
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19493
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19494
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19495
          },
          {
            "timestamp": "2026-06-28 21:56:35,401",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19496
          },
          {
            "timestamp": "2026-06-28 21:56:35,417",
            "thread_id": "2784",
            "caller": "0x0c56d4fb",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "GetMessageA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d45bc0"
              }
            ],
            "repeated": 0,
            "id": 19497
          },
          {
            "timestamp": "2026-06-28 21:56:35,417",
            "thread_id": "2784",
            "caller": "0x0c56d5a4",
            "parentcaller": "0x0b23f0a2",
            "category": "system",
            "api": "LdrGetProcedureAddressForCaller",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ModuleName",
                "value": "USER32.dll"
              },
              {
                "name": "ModuleHandle",
                "value": "0x75d20000"
              },
              {
                "name": "FunctionName",
                "value": "DispatchMessageA"
              },
              {
                "name": "Ordinal",
                "value": "0"
              },
              {
                "name": "FunctionAddress",
                "value": "0x75d4a320"
              }
            ],
            "repeated": 0,
            "id": 19498
          },
          {
            "timestamp": "2026-06-28 21:56:35,417",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19499
          },
          {
            "timestamp": "2026-06-28 21:56:35,417",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19500
          },
          {
            "timestamp": "2026-06-28 21:56:35,417",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "1"
              }
            ],
            "repeated": 0,
            "id": 19501
          },
          {
            "timestamp": "2026-06-28 21:56:35,417",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "382"
              },
              {
                "name": "y",
                "value": "194"
              }
            ],
            "repeated": 1,
            "id": 19502
          },
          {
            "timestamp": "2026-06-28 21:56:35,432",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19503
          },
          {
            "timestamp": "2026-06-28 21:56:35,432",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19504
          },
          {
            "timestamp": "2026-06-28 21:56:35,432",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19505
          },
          {
            "timestamp": "2026-06-28 21:56:35,432",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19506
          },
          {
            "timestamp": "2026-06-28 21:56:35,432",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19507
          },
          {
            "timestamp": "2026-06-28 21:56:35,432",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "402"
              },
              {
                "name": "y",
                "value": "214"
              }
            ],
            "repeated": 0,
            "id": 19508
          },
          {
            "timestamp": "2026-06-28 21:56:35,448",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19509
          },
          {
            "timestamp": "2026-06-28 21:56:35,448",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19510
          },
          {
            "timestamp": "2026-06-28 21:56:35,448",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19511
          },
          {
            "timestamp": "2026-06-28 21:56:35,448",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "14"
              }
            ],
            "repeated": 0,
            "id": 19512
          },
          {
            "timestamp": "2026-06-28 21:56:35,448",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19513
          },
          {
            "timestamp": "2026-06-28 21:56:35,448",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "416"
              },
              {
                "name": "y",
                "value": "227"
              }
            ],
            "repeated": 0,
            "id": 19514
          },
          {
            "timestamp": "2026-06-28 21:56:35,464",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19515
          },
          {
            "timestamp": "2026-06-28 21:56:35,464",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19516
          },
          {
            "timestamp": "2026-06-28 21:56:35,464",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19517
          },
          {
            "timestamp": "2026-06-28 21:56:35,464",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 19518
          },
          {
            "timestamp": "2026-06-28 21:56:35,464",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19519
          },
          {
            "timestamp": "2026-06-28 21:56:35,464",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "430"
              },
              {
                "name": "y",
                "value": "241"
              }
            ],
            "repeated": 0,
            "id": 19520
          },
          {
            "timestamp": "2026-06-28 21:56:35,479",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19521
          },
          {
            "timestamp": "2026-06-28 21:56:35,479",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19522
          },
          {
            "timestamp": "2026-06-28 21:56:35,479",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19523
          },
          {
            "timestamp": "2026-06-28 21:56:35,479",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "12"
              }
            ],
            "repeated": 0,
            "id": 19524
          },
          {
            "timestamp": "2026-06-28 21:56:35,495",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19525
          },
          {
            "timestamp": "2026-06-28 21:56:35,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19526
          },
          {
            "timestamp": "2026-06-28 21:56:35,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19527
          },
          {
            "timestamp": "2026-06-28 21:56:35,495",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "11"
              }
            ],
            "repeated": 0,
            "id": 19528
          },
          {
            "timestamp": "2026-06-28 21:56:35,495",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19529
          },
          {
            "timestamp": "2026-06-28 21:56:35,495",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "460"
              },
              {
                "name": "y",
                "value": "268"
              }
            ],
            "repeated": 0,
            "id": 19530
          },
          {
            "timestamp": "2026-06-28 21:56:35,510",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19531
          },
          {
            "timestamp": "2026-06-28 21:56:35,510",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19532
          },
          {
            "timestamp": "2026-06-28 21:56:35,510",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19533
          },
          {
            "timestamp": "2026-06-28 21:56:35,510",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "9"
              }
            ],
            "repeated": 0,
            "id": 19534
          },
          {
            "timestamp": "2026-06-28 21:56:35,510",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19535
          },
          {
            "timestamp": "2026-06-28 21:56:35,510",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "476"
              },
              {
                "name": "y",
                "value": "283"
              }
            ],
            "repeated": 0,
            "id": 19536
          },
          {
            "timestamp": "2026-06-28 21:56:35,526",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19537
          },
          {
            "timestamp": "2026-06-28 21:56:35,526",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "484"
              },
              {
                "name": "y",
                "value": "290"
              }
            ],
            "repeated": 0,
            "id": 19538
          },
          {
            "timestamp": "2026-06-28 21:56:35,526",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19539
          },
          {
            "timestamp": "2026-06-28 21:56:35,542",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19540
          },
          {
            "timestamp": "2026-06-28 21:56:35,542",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19541
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19542
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19543
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19544
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 19545
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19546
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "process",
            "api": "NtAllocateVirtualMemory",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "ProcessHandle",
                "value": "0xffffffff"
              },
              {
                "name": "BaseAddress",
                "value": "0x0aea6000"
              },
              {
                "name": "RegionSize",
                "value": "0x00002000"
              },
              {
                "name": "Protection",
                "value": "0x00000004",
                "pretty_value": "PAGE_READWRITE"
              },
              {
                "name": "StackPivoted",
                "value": "no"
              }
            ],
            "repeated": 0,
            "id": 19547
          },
          {
            "timestamp": "2026-06-28 21:56:35,557",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "508"
              },
              {
                "name": "y",
                "value": "311"
              }
            ],
            "repeated": 0,
            "id": 19548
          },
          {
            "timestamp": "2026-06-28 21:56:35,573",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19549
          },
          {
            "timestamp": "2026-06-28 21:56:35,573",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19550
          },
          {
            "timestamp": "2026-06-28 21:56:35,573",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19551
          },
          {
            "timestamp": "2026-06-28 21:56:35,573",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "8"
              }
            ],
            "repeated": 0,
            "id": 19552
          },
          {
            "timestamp": "2026-06-28 21:56:35,573",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19553
          },
          {
            "timestamp": "2026-06-28 21:56:35,573",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "525"
              },
              {
                "name": "y",
                "value": "325"
              }
            ],
            "repeated": 0,
            "id": 19554
          },
          {
            "timestamp": "2026-06-28 21:56:35,589",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19555
          },
          {
            "timestamp": "2026-06-28 21:56:35,589",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19556
          },
          {
            "timestamp": "2026-06-28 21:56:35,589",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19557
          },
          {
            "timestamp": "2026-06-28 21:56:35,589",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19558
          },
          {
            "timestamp": "2026-06-28 21:56:35,589",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "4"
              }
            ],
            "repeated": 0,
            "id": 19559
          },
          {
            "timestamp": "2026-06-28 21:56:35,589",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "542"
              },
              {
                "name": "y",
                "value": "338"
              }
            ],
            "repeated": 0,
            "id": 19560
          },
          {
            "timestamp": "2026-06-28 21:56:35,604",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19561
          },
          {
            "timestamp": "2026-06-28 21:56:35,604",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19562
          },
          {
            "timestamp": "2026-06-28 21:56:35,604",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19563
          },
          {
            "timestamp": "2026-06-28 21:56:35,604",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "2"
              }
            ],
            "repeated": 0,
            "id": 19564
          },
          {
            "timestamp": "2026-06-28 21:56:35,604",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19565
          },
          {
            "timestamp": "2026-06-28 21:56:35,604",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "559"
              },
              {
                "name": "y",
                "value": "352"
              }
            ],
            "repeated": 0,
            "id": 19566
          },
          {
            "timestamp": "2026-06-28 21:56:35,635",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19567
          },
          {
            "timestamp": "2026-06-28 21:56:35,635",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19568
          },
          {
            "timestamp": "2026-06-28 21:56:35,635",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "576"
              },
              {
                "name": "y",
                "value": "365"
              }
            ],
            "repeated": 0,
            "id": 19569
          },
          {
            "timestamp": "2026-06-28 21:56:35,635",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19570
          },
          {
            "timestamp": "2026-06-28 21:56:35,635",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19571
          },
          {
            "timestamp": "2026-06-28 21:56:35,651",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19572
          },
          {
            "timestamp": "2026-06-28 21:56:35,651",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "594"
              },
              {
                "name": "y",
                "value": "378"
              }
            ],
            "repeated": 0,
            "id": 19573
          },
          {
            "timestamp": "2026-06-28 21:56:35,667",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19574
          },
          {
            "timestamp": "2026-06-28 21:56:35,667",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19575
          },
          {
            "timestamp": "2026-06-28 21:56:35,667",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19576
          },
          {
            "timestamp": "2026-06-28 21:56:35,667",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19577
          },
          {
            "timestamp": "2026-06-28 21:56:35,667",
            "thread_id": "2784",
            "caller": "0x0c56dac7",
            "parentcaller": "0x0c56d4df",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19578
          },
          {
            "timestamp": "2026-06-28 21:56:35,667",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "612"
              },
              {
                "name": "y",
                "value": "390"
              }
            ],
            "repeated": 0,
            "id": 19579
          },
          {
            "timestamp": "2026-06-28 21:56:35,682",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19580
          },
          {
            "timestamp": "2026-06-28 21:56:35,682",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19581
          },
          {
            "timestamp": "2026-06-28 21:56:35,682",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19582
          },
          {
            "timestamp": "2026-06-28 21:56:35,682",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "15"
              }
            ],
            "repeated": 0,
            "id": 19583
          },
          {
            "timestamp": "2026-06-28 21:56:35,698",
            "thread_id": "1128",
            "caller": "0x70eb4a3f",
            "parentcaller": "0x70f41660",
            "category": "windows",
            "api": "PostMessageW",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "WindowHandle",
                "value": "0x00040464"
              },
              {
                "name": "Message",
                "value": "0x00008002"
              }
            ],
            "repeated": 0,
            "id": 19584
          },
          {
            "timestamp": "2026-06-28 21:56:35,698",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19585
          },
          {
            "timestamp": "2026-06-28 21:56:35,698",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "GetSystemTimeAsFileTime",
            "status": true,
            "return": "0x00000000",
            "arguments": [],
            "repeated": 0,
            "id": 19586
          },
          {
            "timestamp": "2026-06-28 21:56:35,698",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "13"
              }
            ],
            "repeated": 0,
            "id": 19587
          },
          {
            "timestamp": "2026-06-28 21:56:35,698",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "648"
              },
              {
                "name": "y",
                "value": "412"
              }
            ],
            "repeated": 0,
            "id": 19588
          },
          {
            "timestamp": "2026-06-28 21:56:35,714",
            "thread_id": "1128",
            "caller": "0x75b911a9",
            "parentcaller": "0x75b91102",
            "category": "system",
            "api": "NtWaitForSingleObject",
            "status": true,
            "return": "0x00000000",
            "arguments": [
              {
                "name": "Handle",
                "value": "0x000007c8"
              },
              {
                "name": "Milliseconds",
                "value": "18446744073709551615"
              },
              {
                "name": "Status",
                "value": "Infinite"
              }
            ],
            "repeated": 0,
            "id": 19589
          },
          {
            "timestamp": "2026-06-28 21:56:35,714",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "675"
              },
              {
                "name": "y",
                "value": "427"
              }
            ],
            "repeated": 0,
            "id": 19590
          },
          {
            "timestamp": "2026-06-28 21:56:35,729",
            "thread_id": "2784",
            "caller": "0x0c56df87",
            "parentcaller": "0x0c56d597",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "702"
              },
              {
                "name": "y",
                "value": "441"
              }
            ],
            "repeated": 1,
            "id": 19591
          },
          {
            "timestamp": "2026-06-28 21:56:35,745",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "730"
              },
              {
                "name": "y",
                "value": "452"
              }
            ],
            "repeated": 0,
            "id": 19592
          },
          {
            "timestamp": "2026-06-28 21:56:35,776",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "766"
              },
              {
                "name": "y",
                "value": "462"
              }
            ],
            "repeated": 0,
            "id": 19593
          },
          {
            "timestamp": "2026-06-28 21:56:35,792",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "803"
              },
              {
                "name": "y",
                "value": "469"
              }
            ],
            "repeated": 1,
            "id": 19594
          },
          {
            "timestamp": "2026-06-28 21:56:37,839",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "794"
              },
              {
                "name": "y",
                "value": "456"
              }
            ],
            "repeated": 0,
            "id": 19595
          },
          {
            "timestamp": "2026-06-28 21:56:37,854",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "787"
              },
              {
                "name": "y",
                "value": "445"
              }
            ],
            "repeated": 0,
            "id": 19596
          },
          {
            "timestamp": "2026-06-28 21:56:37,870",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "778"
              },
              {
                "name": "y",
                "value": "432"
              }
            ],
            "repeated": 0,
            "id": 19597
          },
          {
            "timestamp": "2026-06-28 21:56:37,885",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "769"
              },
              {
                "name": "y",
                "value": "418"
              }
            ],
            "repeated": 0,
            "id": 19598
          },
          {
            "timestamp": "2026-06-28 21:56:37,901",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "763"
              },
              {
                "name": "y",
                "value": "408"
              }
            ],
            "repeated": 0,
            "id": 19599
          },
          {
            "timestamp": "2026-06-28 21:56:37,932",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "753"
              },
              {
                "name": "y",
                "value": "392"
              }
            ],
            "repeated": 0,
            "id": 19600
          },
          {
            "timestamp": "2026-06-28 21:56:37,948",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "743"
              },
              {
                "name": "y",
                "value": "376"
              }
            ],
            "repeated": 0,
            "id": 19601
          },
          {
            "timestamp": "2026-06-28 21:56:37,964",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "739"
              },
              {
                "name": "y",
                "value": "370"
              }
            ],
            "repeated": 0,
            "id": 19602
          },
          {
            "timestamp": "2026-06-28 21:56:37,979",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "732"
              },
              {
                "name": "y",
                "value": "358"
              }
            ],
            "repeated": 0,
            "id": 19603
          },
          {
            "timestamp": "2026-06-28 21:56:37,995",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "720"
              },
              {
                "name": "y",
                "value": "340"
              }
            ],
            "repeated": 0,
            "id": 19604
          },
          {
            "timestamp": "2026-06-28 21:56:38,026",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "705"
              },
              {
                "name": "y",
                "value": "314"
              }
            ],
            "repeated": 0,
            "id": 19605
          },
          {
            "timestamp": "2026-06-28 21:56:38,042",
            "thread_id": "2784",
            "caller": "0x07fa31f7",
            "parentcaller": "0x07fa311a",
            "category": "misc",
            "api": "GetCursorPos",
            "status": true,
            "return": "0x00000001",
            "arguments": [
              {
                "name": "x",
                "value": "701"
              },
              {
                "name": "y",
                "value": "308"
              }
            ],
            "repeated": 0,
            "id": 19606
          }
        ],
        "threads": [
          "2784",
          "2520",
          "2296",
          "612",
          "3548",
          "3768",
          "2124",
          "3140",
          "928",
          "4156",
          "3812",
          "3472",
          "368",
          "1396",
          "1128",
          "512",
          "1896",
          "3796"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x00b60000",
          "MainExeSize": "0x0002c000",
          "Bitness": "32-bit"
        },
        "file_activities": {
          "read_files": [],
          "write_files": [],
          "delete_files": []
        }
      }
    ],
    "anomaly": [],
    "processtree": [
      {
        "name": "HTMLive.exe",
        "pid": 4500,
        "parent_id": 2892,
        "module_path": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "children": [],
        "threads": [
          "2784",
          "2520",
          "2296",
          "612",
          "3548",
          "3768",
          "2124",
          "3140",
          "928",
          "4156",
          "3812",
          "3472",
          "368",
          "1396",
          "1128",
          "512",
          "1896",
          "3796"
        ],
        "environ": {
          "UserName": "Rajesh",
          "ComputerName": "DESKTOP-P54VDBR",
          "WindowsPath": "C:\\Windows",
          "TempPath": "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\",
          "CommandLine": "\"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe\" ",
          "RegisteredOwner": "",
          "RegisteredOrganization": "",
          "ProductName": "",
          "SystemVolumeSerialNumber": "1c64-b66f",
          "SystemVolumeGUID": "e1e1ae7a-0000-0000-0000-300300000000",
          "MachineGUID": "",
          "MainExeBase": "0x00b60000",
          "MainExeSize": "0x0002c000",
          "Bitness": "32-bit"
        }
      }
    ],
    "summary": {
      "files": [
        "C:\\Windows\\System32\\MSCOREE.DLL.local",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\*",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.config",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config",
        "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\fusion.localgac",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\HTMLive.exe.log",
        "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\*",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\mscorlib.INI",
        "C:\\Users",
        "C:\\Users\\Rajesh",
        "C:\\Users\\Rajesh\\AppData",
        "C:\\Users\\Rajesh\\AppData\\Local",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp",
        "C:\\Windows\\System32\\bcryptPrimitives.dll",
        "\\Device\\CNG",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\livehtml\\*",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.INI",
        "C:\\Windows\\assembly\\pubpol36.dat",
        "C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\*",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.INI",
        "C:\\Windows\\System32\\windows.storage.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\Wldp.dll",
        "C:\\Windows\\System32\\wldp.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll",
        "C:\\Windows\\System32\\riched20.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\winnlsres.dll",
        "C:\\Windows\\System32\\winnlsres.dll",
        "C:\\Windows\\System32\\en-US\\winnlsres.dll.mui",
        "C:\\Windows\\sysnative\\en-US\\winnlsres.dll.mui",
        "C:\\Windows\\WinSxS\\SystemResources\\gdiplus.dll.mun",
        "C:\\Windows\\System32\\DWrite.dll",
        "C:\\Windows\\System32\\msctf.dll",
        "C:\\Windows\\Fonts\\arial.ttf",
        "C:\\Windows\\Fonts\\ariblk.ttf",
        "C:\\Windows\\Fonts\\arialbd.ttf",
        "C:\\Windows\\Fonts\\arialbi.ttf",
        "C:\\Windows\\Fonts\\ariali.ttf",
        "C:\\Windows\\Fonts\\BAHNSCHRIFT.TTF",
        "C:\\Windows\\Fonts\\calibri.ttf",
        "C:\\Windows\\Fonts\\calibrib.ttf",
        "C:\\Windows\\Fonts\\calibriz.ttf",
        "C:\\Windows\\Fonts\\calibrii.ttf",
        "C:\\Windows\\Fonts\\calibril.ttf",
        "C:\\Windows\\Fonts\\CALIBRILI.TTF",
        "C:\\Windows\\Fonts\\cambria.ttc",
        "C:\\Windows\\Fonts\\cambriab.ttf",
        "C:\\Windows\\Fonts\\cambriaz.ttf",
        "C:\\Windows\\Fonts\\cambriai.ttf",
        "C:\\Windows\\Fonts\\Candara.ttf",
        "C:\\Windows\\Fonts\\Candarab.ttf",
        "C:\\Windows\\Fonts\\Candaraz.ttf",
        "C:\\Windows\\Fonts\\Candarai.ttf",
        "C:\\Windows\\Fonts\\Candaral.ttf",
        "C:\\Windows\\Fonts\\CANDARALI.TTF",
        "C:\\Windows\\Fonts\\comic.ttf",
        "C:\\Windows\\Fonts\\comicbd.ttf",
        "C:\\Windows\\Fonts\\comicz.ttf",
        "C:\\Windows\\Fonts\\comici.ttf",
        "C:\\Windows\\Fonts\\consola.ttf",
        "C:\\Windows\\Fonts\\consolab.ttf",
        "C:\\Windows\\Fonts\\consolaz.ttf",
        "C:\\Windows\\Fonts\\consolai.ttf",
        "C:\\Windows\\Fonts\\constan.ttf",
        "C:\\Windows\\Fonts\\constanb.ttf",
        "C:\\Windows\\Fonts\\constanz.ttf",
        "C:\\Windows\\Fonts\\constani.ttf",
        "C:\\Windows\\Fonts\\corbel.ttf",
        "C:\\Windows\\Fonts\\corbelb.ttf",
        "C:\\Windows\\Fonts\\corbelz.ttf",
        "C:\\Windows\\Fonts\\corbeli.ttf",
        "C:\\Windows\\Fonts\\corbell.ttf",
        "C:\\Windows\\Fonts\\corbelli.ttf",
        "C:\\Windows\\Fonts\\cour.ttf",
        "C:\\Windows\\Fonts\\courbd.ttf",
        "C:\\Windows\\Fonts\\courbi.ttf",
        "C:\\Windows\\Fonts\\couri.ttf",
        "C:\\Windows\\Fonts\\ebrima.ttf",
        "C:\\Windows\\Fonts\\ebrimabd.ttf",
        "C:\\Windows\\Fonts\\framd.ttf",
        "C:\\Windows\\Fonts\\framdit.ttf",
        "C:\\Windows\\Fonts\\Gabriola.ttf",
        "C:\\Windows\\Fonts\\gadugi.ttf",
        "C:\\Windows\\Fonts\\gadugib.ttf",
        "C:\\Windows\\Fonts\\georgia.ttf",
        "C:\\Windows\\Fonts\\georgiab.ttf",
        "C:\\Windows\\Fonts\\georgiaz.ttf",
        "C:\\Windows\\Fonts\\georgiai.ttf",
        "C:\\Windows\\Fonts\\impact.ttf",
        "C:\\Windows\\Fonts\\Inkfree.ttf",
        "C:\\Windows\\Fonts\\javatext.ttf",
        "C:\\Windows\\Fonts\\LeelawUI.ttf",
        "C:\\Windows\\Fonts\\LeelaUIb.ttf",
        "C:\\Windows\\Fonts\\LeelUIsl.ttf",
        "C:\\Windows\\Fonts\\lucon.ttf",
        "C:\\Windows\\Fonts\\l_10646.ttf",
        "C:\\Windows\\Fonts\\malgun.ttf",
        "C:\\Windows\\Fonts\\malgunbd.ttf",
        "C:\\Windows\\Fonts\\malgunsl.ttf",
        "C:\\Windows\\Fonts\\himalaya.ttf",
        "C:\\Windows\\Fonts\\msjh.ttc",
        "C:\\Windows\\Fonts\\msjhbd.ttc",
        "C:\\Windows\\Fonts\\msjhl.ttc",
        "C:\\Windows\\Fonts\\ntailu.ttf",
        "C:\\Windows\\Fonts\\ntailub.ttf",
        "C:\\Windows\\Fonts\\phagspa.ttf",
        "C:\\Windows\\Fonts\\phagspab.ttf",
        "C:\\Windows\\Fonts\\micross.ttf",
        "C:\\Windows\\Fonts\\taile.ttf",
        "C:\\Windows\\Fonts\\taileb.ttf",
        "C:\\Windows\\Fonts\\msyh.ttc",
        "C:\\Windows\\Fonts\\msyhbd.ttc",
        "C:\\Windows\\Fonts\\msyhl.ttc",
        "C:\\Windows\\Fonts\\msyi.ttf",
        "C:\\Windows\\Fonts\\mingliub.ttc",
        "C:\\Windows\\Fonts\\modern.fon",
        "C:\\Windows\\Fonts\\monbaiti.ttf",
        "C:\\Windows\\Fonts\\msgothic.ttc",
        "C:\\Windows\\Fonts\\mvboli.ttf",
        "C:\\Windows\\Fonts\\mmrtext.ttf",
        "C:\\Windows\\Fonts\\mmrtextb.ttf",
        "C:\\Windows\\Fonts\\Nirmala.ttf",
        "C:\\Windows\\Fonts\\NirmalaB.ttf",
        "C:\\Windows\\Fonts\\NirmalaS.ttf",
        "C:\\Windows\\Fonts\\pala.ttf",
        "C:\\Windows\\Fonts\\palab.ttf",
        "C:\\Windows\\Fonts\\palabi.ttf",
        "C:\\Windows\\Fonts\\palai.ttf",
        "C:\\Windows\\Fonts\\roman.fon",
        "C:\\Windows\\Fonts\\script.fon",
        "C:\\Windows\\Fonts\\segmdl2.ttf",
        "C:\\Windows\\Fonts\\segoepr.ttf",
        "C:\\Windows\\Fonts\\segoeprb.ttf",
        "C:\\Windows\\Fonts\\segoesc.ttf",
        "C:\\Windows\\Fonts\\segoescb.ttf",
        "C:\\Windows\\Fonts\\segoeui.ttf",
        "C:\\Windows\\Fonts\\seguibl.ttf",
        "C:\\Windows\\Fonts\\seguibli.ttf",
        "C:\\Windows\\Fonts\\segoeuib.ttf",
        "C:\\Windows\\Fonts\\segoeuiz.ttf",
        "C:\\Windows\\Fonts\\seguiemj.ttf",
        "C:\\Windows\\Fonts\\seguihis.ttf",
        "C:\\Windows\\Fonts\\segoeuii.ttf",
        "C:\\Windows\\Fonts\\segoeuil.ttf",
        "C:\\Windows\\Fonts\\seguili.ttf",
        "C:\\Windows\\Fonts\\seguisb.ttf",
        "C:\\Windows\\Fonts\\seguisbi.ttf",
        "C:\\Windows\\Fonts\\SEGOEUISL.TTF",
        "C:\\Windows\\Fonts\\seguisli.ttf",
        "C:\\Windows\\Fonts\\seguisym.ttf",
        "C:\\Windows\\Fonts\\simsun.ttc",
        "C:\\Windows\\Fonts\\simsunb.ttf",
        "C:\\Windows\\Fonts\\Sitka.ttc",
        "C:\\Windows\\Fonts\\SitkaB.ttc",
        "C:\\Windows\\Fonts\\SitkaZ.ttc",
        "C:\\Windows\\Fonts\\SitkaI.ttc",
        "C:\\Windows\\Fonts\\sylfaen.ttf",
        "C:\\Windows\\Fonts\\symbol.ttf",
        "C:\\Windows\\Fonts\\tahoma.ttf",
        "C:\\Windows\\Fonts\\tahomabd.ttf",
        "C:\\Windows\\Fonts\\times.ttf",
        "C:\\Windows\\Fonts\\timesbd.ttf",
        "C:\\Windows\\Fonts\\timesbi.ttf",
        "C:\\Windows\\Fonts\\timesi.ttf",
        "C:\\Windows\\Fonts\\trebuc.ttf",
        "C:\\Windows\\Fonts\\trebucbd.ttf",
        "C:\\Windows\\Fonts\\trebucbi.ttf",
        "C:\\Windows\\Fonts\\trebucit.ttf",
        "C:\\Windows\\Fonts\\verdana.ttf",
        "C:\\Windows\\Fonts\\verdanab.ttf",
        "C:\\Windows\\Fonts\\verdanaz.ttf",
        "C:\\Windows\\Fonts\\verdanai.ttf",
        "C:\\Windows\\Fonts\\webdings.ttf",
        "C:\\Windows\\Fonts\\wingding.ttf",
        "C:\\Windows\\Fonts\\YuGothB.ttc",
        "C:\\Windows\\Fonts\\YuGothL.ttc",
        "C:\\Windows\\Fonts\\YuGothM.ttc",
        "C:\\Windows\\Fonts\\YuGothR.ttc",
        "C:\\Windows\\Fonts\\coure.fon",
        "C:\\Windows\\Fonts\\courf.fon",
        "C:\\Windows\\Fonts\\serife.fon",
        "C:\\Windows\\Fonts\\seriff.fon",
        "C:\\Windows\\Fonts\\sserife.fon",
        "C:\\Windows\\Fonts\\sseriff.fon",
        "C:\\Windows\\Fonts\\smalle.fon",
        "C:\\Windows\\Fonts\\smallf.fon",
        "C:\\PROGRAM FILES\\COMMON FILES\\MICROSOFT SHARED\\EQUATION\\MTEXTRA.TTF",
        "C:\\Windows\\Fonts\\CENTURY.TTF",
        "C:\\Windows\\Fonts\\LEELAWAD.TTF",
        "C:\\Windows\\Fonts\\MSUIGHUR.TTF",
        "C:\\Windows\\Fonts\\WINGDNG2.TTF",
        "C:\\Windows\\Fonts\\WINGDNG3.TTF",
        "C:\\Windows\\Fonts\\TEMPSITC.TTF",
        "C:\\Windows\\Fonts\\PRISTINA.TTF",
        "C:\\Windows\\Fonts\\PAPYRUS.TTF",
        "C:\\Windows\\Fonts\\MISTRAL.TTF",
        "C:\\Windows\\Fonts\\LHANDW.TTF",
        "C:\\Windows\\Fonts\\ITCKRIST.TTF",
        "C:\\Windows\\Fonts\\JUICE___.TTF",
        "C:\\Windows\\Fonts\\FRSCRIPT.TTF",
        "C:\\Windows\\Fonts\\FREESCPT.TTF",
        "C:\\Windows\\Fonts\\BRADHITC.TTF",
        "C:\\Windows\\Fonts\\OUTLOOK.TTF",
        "C:\\Windows\\Fonts\\ARIALN.TTF",
        "C:\\Windows\\Fonts\\BKANT.TTF",
        "C:\\Windows\\Fonts\\GARA.TTF",
        "C:\\Windows\\Fonts\\MTCORSVA.TTF",
        "C:\\Windows\\Fonts\\GOTHIC.TTF",
        "C:\\Windows\\Fonts\\ALGER.TTF",
        "C:\\Windows\\Fonts\\BASKVILL.TTF",
        "C:\\Windows\\Fonts\\BAUHS93.TTF",
        "C:\\Windows\\Fonts\\BELL.TTF",
        "C:\\Windows\\Fonts\\BRLNSB.TTF",
        "C:\\Windows\\Fonts\\BERNHC.TTF",
        "C:\\Windows\\Fonts\\BOD_PSTC.TTF",
        "C:\\Windows\\Fonts\\BRITANIC.TTF",
        "C:\\Windows\\Fonts\\BROADW.TTF",
        "C:\\Windows\\Fonts\\BRUSHSCI.TTF",
        "C:\\Windows\\Fonts\\CALIFR.TTF",
        "C:\\Windows\\Fonts\\CENTAUR.TTF",
        "C:\\Windows\\Fonts\\CHILLER.TTF",
        "C:\\Windows\\Fonts\\COLONNA.TTF",
        "C:\\Windows\\Fonts\\COOPBL.TTF",
        "C:\\Windows\\Fonts\\FTLTLT.TTF",
        "C:\\Windows\\Fonts\\HARLOWSI.TTF",
        "C:\\Windows\\Fonts\\HARNGTON.TTF",
        "C:\\Windows\\Fonts\\HTOWERT.TTF",
        "C:\\Windows\\Fonts\\JOKERMAN.TTF",
        "C:\\Windows\\Fonts\\KUNSTLER.TTF",
        "C:\\Windows\\Fonts\\LBRITE.TTF",
        "C:\\Windows\\Fonts\\LCALLIG.TTF",
        "C:\\Windows\\Fonts\\LFAX.TTF",
        "C:\\Windows\\Fonts\\MAGNETOB.TTF",
        "C:\\Windows\\Fonts\\MATURASC.TTF",
        "C:\\Windows\\Fonts\\MOD20.TTF",
        "C:\\Windows\\Fonts\\NIAGENG.TTF",
        "C:\\Windows\\Fonts\\NIAGSOL.TTF",
        "C:\\Windows\\Fonts\\OLDENGL.TTF",
        "C:\\Windows\\Fonts\\ONYX.TTF",
        "C:\\Windows\\Fonts\\PARCHM.TTF",
        "C:\\Windows\\Fonts\\PLAYBILL.TTF",
        "C:\\Windows\\Fonts\\POORICH.TTF",
        "C:\\Windows\\Fonts\\RAVIE.TTF",
        "C:\\Windows\\Fonts\\INFROMAN.TTF",
        "C:\\Windows\\Fonts\\SHOWG.TTF",
        "C:\\Windows\\Fonts\\SNAP____.TTF",
        "C:\\Windows\\Fonts\\STENCIL.TTF",
        "C:\\Windows\\Fonts\\VINERITC.TTF",
        "C:\\Windows\\Fonts\\VIVALDII.TTF",
        "C:\\Windows\\Fonts\\VLADIMIR.TTF",
        "C:\\Windows\\Fonts\\LATINWD.TTF",
        "C:\\Windows\\Fonts\\TCM_____.TTF",
        "C:\\Windows\\Fonts\\TCCB____.TTF",
        "C:\\Windows\\Fonts\\TCCM____.TTF",
        "C:\\Windows\\Fonts\\TCB_____.TTF",
        "C:\\Windows\\Fonts\\SCRIPTBL.TTF",
        "C:\\Windows\\Fonts\\ROCKEB.TTF",
        "C:\\Windows\\Fonts\\ROCC____.TTF",
        "C:\\Windows\\Fonts\\ROCK.TTF",
        "C:\\Windows\\Fonts\\RAGE.TTF",
        "C:\\Windows\\Fonts\\PERTIBD.TTF",
        "C:\\Windows\\Fonts\\PER_____.TTF",
        "C:\\Windows\\Fonts\\PALSCRI.TTF",
        "C:\\Windows\\Fonts\\OCRAEXT.TTF",
        "C:\\Windows\\Fonts\\MAIAN.TTF",
        "C:\\Windows\\Fonts\\LTYPE.TTF",
        "C:\\Windows\\Fonts\\LSANS.TTF",
        "C:\\Windows\\Fonts\\IMPRISHA.TTF",
        "C:\\Windows\\Fonts\\HATTEN.TTF",
        "C:\\Windows\\Fonts\\GOUDYSTO.TTF",
        "C:\\Windows\\Fonts\\GOUDOS.TTF",
        "C:\\Windows\\Fonts\\GLECB.TTF",
        "C:\\Windows\\Fonts\\GILLUBCD.TTF",
        "C:\\Windows\\Fonts\\GILSANUB.TTF",
        "C:\\Windows\\Fonts\\GILC____.TTF",
        "C:\\Windows\\Fonts\\GIL_____.TTF",
        "C:\\Windows\\Fonts\\GLSNECB.TTF",
        "C:\\Windows\\Fonts\\GIGI.TTF",
        "C:\\Windows\\Fonts\\FRAMDCN.TTF",
        "C:\\Windows\\Fonts\\FRAHV.TTF",
        "C:\\Windows\\Fonts\\FRADMCN.TTF",
        "C:\\Windows\\Fonts\\FRADM.TTF",
        "C:\\Windows\\Fonts\\FRABK.TTF",
        "C:\\Windows\\Fonts\\FORTE.TTF",
        "C:\\Windows\\Fonts\\FELIXTI.TTF",
        "C:\\Windows\\Fonts\\ERASMD.TTF",
        "C:\\Windows\\Fonts\\ERASLGHT.TTF",
        "C:\\Windows\\Fonts\\ERASDEMI.TTF",
        "C:\\Windows\\Fonts\\ERASBD.TTF",
        "C:\\Windows\\Fonts\\ENGR.TTF",
        "C:\\Windows\\Fonts\\ELEPHNT.TTF",
        "C:\\Windows\\Fonts\\ITCEDSCR.TTF",
        "C:\\Windows\\Fonts\\CURLZ___.TTF",
        "C:\\Windows\\Fonts\\COPRGTL.TTF",
        "C:\\Windows\\Fonts\\COPRGTB.TTF",
        "C:\\Windows\\Fonts\\CENSCBK.TTF",
        "C:\\Windows\\Fonts\\CASTELAR.TTF",
        "C:\\Windows\\Fonts\\CALIST.TTF",
        "C:\\Windows\\Fonts\\BOOKOS.TTF",
        "C:\\Windows\\Fonts\\BOD_CR.TTF",
        "C:\\Windows\\Fonts\\BOD_BLAR.TTF",
        "C:\\Windows\\Fonts\\BOD_R.TTF",
        "C:\\Windows\\Fonts\\ITCBLKAD.TTF",
        "C:\\Windows\\Fonts\\ARLRDBD.TTF",
        "C:\\Windows\\Fonts\\AGENCYB.TTF",
        "C:\\Windows\\Fonts\\LEELAWDB.TTF",
        "C:\\Windows\\Fonts\\MSUIGHUB.TTF",
        "C:\\Windows\\Fonts\\BSSYM7.TTF",
        "C:\\Windows\\Fonts\\REFSAN.TTF",
        "C:\\Windows\\Fonts\\REFSPCL.TTF",
        "C:\\Windows\\Fonts\\ARIALNB.TTF",
        "C:\\Windows\\Fonts\\ARIALNBI.TTF",
        "C:\\Windows\\Fonts\\ARIALNI.TTF",
        "C:\\Windows\\Fonts\\ANTQUAB.TTF",
        "C:\\Windows\\Fonts\\ANTQUABI.TTF",
        "C:\\Windows\\Fonts\\ANTQUAI.TTF",
        "C:\\Windows\\Fonts\\GARABD.TTF",
        "C:\\Windows\\Fonts\\GARAIT.TTF",
        "C:\\Windows\\Fonts\\GOTHICB.TTF",
        "C:\\Windows\\Fonts\\GOTHICBI.TTF",
        "C:\\Windows\\Fonts\\GOTHICI.TTF",
        "C:\\Windows\\Fonts\\BELLB.TTF",
        "C:\\Windows\\Fonts\\BELLI.TTF",
        "C:\\Windows\\Fonts\\BRLNSDB.TTF",
        "C:\\Windows\\Fonts\\BRLNSR.TTF",
        "C:\\Windows\\Fonts\\CALIFB.TTF",
        "C:\\Windows\\Fonts\\CALIFI.TTF",
        "C:\\Windows\\Fonts\\HTOWERTI.TTF",
        "C:\\Windows\\Fonts\\LBRITED.TTF",
        "C:\\Windows\\Fonts\\LBRITEDI.TTF",
        "C:\\Windows\\Fonts\\LBRITEI.TTF",
        "C:\\Windows\\Fonts\\LFAXD.TTF",
        "C:\\Windows\\Fonts\\LFAXDI.TTF",
        "C:\\Windows\\Fonts\\LFAXI.TTF",
        "C:\\Windows\\Fonts\\TCMI____.TTF",
        "C:\\Windows\\Fonts\\TCCEB.TTF",
        "C:\\Windows\\Fonts\\TCBI____.TTF",
        "C:\\Windows\\Fonts\\ROCCB___.TTF",
        "C:\\Windows\\Fonts\\ROCKB.TTF",
        "C:\\Windows\\Fonts\\ROCKBI.TTF",
        "C:\\Windows\\Fonts\\ROCKI.TTF",
        "C:\\Windows\\Fonts\\PERTILI.TTF",
        "C:\\Windows\\Fonts\\PERBI___.TTF",
        "C:\\Windows\\Fonts\\PERB____.TTF",
        "C:\\Windows\\Fonts\\PERI____.TTF",
        "C:\\Windows\\Fonts\\LTYPEB.TTF",
        "C:\\Windows\\Fonts\\LTYPEBO.TTF",
        "C:\\Windows\\Fonts\\LTYPEO.TTF",
        "C:\\Windows\\Fonts\\LSANSD.TTF",
        "C:\\Windows\\Fonts\\LSANSDI.TTF",
        "C:\\Windows\\Fonts\\LSANSI.TTF",
        "C:\\Windows\\Fonts\\GOUDOSB.TTF",
        "C:\\Windows\\Fonts\\GOUDOSI.TTF",
        "C:\\Windows\\Fonts\\GILBI___.TTF",
        "C:\\Windows\\Fonts\\GILB____.TTF",
        "C:\\Windows\\Fonts\\GILI____.TTF",
        "C:\\Windows\\Fonts\\FRAHVIT.TTF",
        "C:\\Windows\\Fonts\\FRADMIT.TTF",
        "C:\\Windows\\Fonts\\FRABKIT.TTF",
        "C:\\Windows\\Fonts\\ELEPHNTI.TTF",
        "C:\\Windows\\Fonts\\SCHLBKB.TTF",
        "C:\\Windows\\Fonts\\SCHLBKBI.TTF",
        "C:\\Windows\\Fonts\\SCHLBKI.TTF",
        "C:\\Windows\\Fonts\\CALISTB.TTF",
        "C:\\Windows\\Fonts\\CALISTBI.TTF",
        "C:\\Windows\\Fonts\\CALISTI.TTF",
        "C:\\Windows\\Fonts\\BOOKOSB.TTF",
        "C:\\Windows\\Fonts\\BOOKOSBI.TTF",
        "C:\\Windows\\Fonts\\BOOKOSI.TTF",
        "C:\\Windows\\Fonts\\BOD_CB.TTF",
        "C:\\Windows\\Fonts\\BOD_CBI.TTF",
        "C:\\Windows\\Fonts\\BOD_CI.TTF",
        "C:\\Windows\\Fonts\\BOD_BLAI.TTF",
        "C:\\Windows\\Fonts\\BOD_B.TTF",
        "C:\\Windows\\Fonts\\BOD_BI.TTF",
        "C:\\Windows\\Fonts\\BOD_I.TTF",
        "C:\\Windows\\Fonts\\AGENCYR.TTF",
        "C:\\Windows\\Fonts\\marlett.ttf",
        "C:\\Windows\\System32\\sxs.dll",
        "C:\\Windows\\SysWOW64\\ieframe.dll",
        "C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
        "C:\\Windows\\sysnative\\en-US\\KERNELBASE.dll.mui",
        "C:\\Windows\\System32\\twinapi.appcore.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\urlmon.dll",
        "C:\\Windows\\System32\\urlmon.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\srvcli.dll",
        "C:\\Windows\\System32\\srvcli.dll",
        "C:\\Windows\\System32\\en-US\\ieframe.dll.mui",
        "C:\\Windows\\sysnative\\en-US\\ieframe.dll.mui",
        "C:\\Windows\\WindowsShell.manifest",
        "C:\\Windows\\System32\\srpapi.dll",
        "C:\\Windows\\System32\\en-US\\urlmon.dll.mui",
        "C:\\Windows\\Fonts\\staticcache.dat",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\TextShaping.dll",
        "C:\\Windows\\System32\\TextShaping.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources\\livehtml.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources.exe",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en-US\\livehtml.resources\\livehtml.resources.exe",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources\\livehtml.resources.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources.exe",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\en\\livehtml.resources\\livehtml.resources.exe",
        "C:\\Windows\\System32\\en-US\\USER32.dll.mui",
        "C:\\Windows\\win.ini",
        "C:\\Windows\\System32\\uxtheme.dll.Config",
        "C:\\Windows\\System32\\uxtheme.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe.Local\\",
        "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984",
        "C:\\Windows\\System32\\textinputframework.dll",
        "C:\\Windows\\System32\\CoreUIComponents.dll",
        "C:\\Windows\\System32\\CoreMessaging.dll",
        "C:\\Windows\\System32\\ntmarta.dll",
        "C:\\Windows\\System32\\WinTypes.dll",
        "C:\\Windows\\SystemResources\\USER32.dll.mun",
        "C:\\Windows\\System32\\en-US\\mshtml.dll.mui",
        "C:\\Windows\\sysnative\\en-US\\mshtml.dll.mui",
        "C:\\Windows\\System32\\d2d1.dll",
        "C:\\Windows\\System32\\resourcepolicyclient.dll",
        "C:\\Windows\\System32\\DXCore.dll",
        "C:\\Windows\\System32\\cfgmgr32.dll",
        "\\Device\\DeviceApi\\CMApi",
        "C:\\Windows\\System32\\d3d10warp.dll",
        "C:\\Users\\Rajesh\\AppData\\Local\\Temp\\d3d10warp.dll",
        "C:\\Windows\\System32\\mshtml.tlb",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\Microsoft.mshtml\\v4.0_7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\Microsoft.mshtml\\v4.0_7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll",
        "C:\\Windows\\Microsoft.Net\\assembly\\GAC\\Microsoft.mshtml\\v4.0_7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll",
        "C:\\Windows\\assembly\\GAC_32\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll",
        "C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll",
        "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.dll",
        "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.mshtml\\*",
        "C:\\Windows\\assembly\\GAC\\Microsoft.mshtml\\7.0.3300.0__b03f5f7f11d50a3a\\Microsoft.mshtml.INI",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.IE5",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History",
        "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5"
      ],
      "read_files": [],
      "write_files": [],
      "delete_files": [],
      "keys": [
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\v4.0",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\Policy\\Standards",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\policy\\standards\\v4.0.30319",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\v4.0.30319\\SKUs\\default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Servicing",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
        "HKEY_CURRENT_USER",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index36",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\AppContext",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-3262678163-160926255-2192883574-1002",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\StateSeparation\\RedirectionMap\\Keys",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\DirectWrite",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FontCache\\Parameters",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\FontCache\\Parameters\\ClientCacheSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Fonts",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES_tradnl",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES_tradnl",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fi-FI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fi-FI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\hu-HU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\hu-HU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\it-IT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\it-IT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nl-NL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nl-NL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nb-NO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nb-NO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pl-PL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pl-PL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-BR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-BR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sk-SK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sk-SK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sv-SE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sv-SE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\tr-TR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\tr-TR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sl-SI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sl-SI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\vi-VN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\vi-VN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\eu-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\eu-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-MX",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-MX",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-PT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-PT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ko-KR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ko-KR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-TW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-TW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ja-JP",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ja-JP",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-SG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-SG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
        "HKEY_CURRENT_USER\\EUDC\\1252",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\PackagedCom",
        "HKEY_CURRENT_USER\\Software\\Classes",
        "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\TypeLib",
        "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}",
        "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1",
        "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0",
        "HKEY_CURRENT_USER\\Software\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32\\(Default)",
        "HKEY_CLASSES_ROOT\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InProcServer32\\Class",
        "HKEY_CLASSES_ROOT\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\LocalServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\\AppCompat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_CURRENT_USER\\Software\\Classes\\AppID\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_CURRENT_USER\\Software\\Classes\\Interface\\{00000160-0000-0000-C000-000000000046}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\Interface\\{00000160-0000-0000-C000-000000000046}",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\NavigationDelay",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32",
        "HKEY_CURRENT_USER\\Software\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IEDDE_REGISTER_PROTOCOL",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
        "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\PROTOCOLS\\Name-Space Handler",
        "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\about\\",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\about",
        "HKEY_CURRENT_USER\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*\\",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\PROTOCOLS\\Name-Space Handler\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\MediaTypeClass",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Accepted Documents",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
        "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\",
        "HKEY_CURRENT_USER\\ZoneMap\\Ranges\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001",
        "HKEY_LOCAL_MACHINE\\Software\\Policies",
        "HKEY_CURRENT_USER\\Software\\Policies",
        "HKEY_CURRENT_USER\\Software",
        "HKEY_LOCAL_MACHINE\\Software",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_INTERNAL_SECURITY_MANAGER",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Security",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
        "HKEY_LOCAL_MACHINE\\System\\Setup",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\*",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OLEALIAS_GWND",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_TOPMOST_GWND",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/html",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text/html",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_COMPAT_LOGGING",
        "HKEY_CURRENT_USER\\Software\\Classes\\MIME\\Database\\Content Type\\text/html",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IEharden",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\Floppy Access",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_IGNORE_ZONE_FOR_SECURITYID",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Zoom",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Zoom\\ZoomDisabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Zoom",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALIGNED_TIMERS",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_VSYNC_WATCHDOG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_HIGHFREQ_TIMERS",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\RenderingLoopMaxTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\RtfConverterFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Anchor Underline",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\CSS_Compat",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Expand Alt Text",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Images",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Animations",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\PageSetup",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XMLHTTP",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DisableScriptDebuggerIE",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Move System Caret",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseHR",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Q300829",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Cleanup HTCs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XDomainRequest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\XDomainRequest",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DOMStorage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\DOMStorage",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\JScriptProfileCacheEventDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Default_CodePage",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AutoDetect",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSizePrivate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\International\\Scripts",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Settings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Visited",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Hover",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Settings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Colors",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Size",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Face",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Disable Visited Hyperlinks",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Use Anchor Hover Color",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\MiscFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Styles",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Text Scaling",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Viewport",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Larger Hit Test",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Script",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\AdvancedOptions\\DISAMBIGUATION",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme\\FontScale",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Contexts",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Contexts",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_96DPI_PIXEL",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_OPTICAL_ZOOM",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSizePrivate",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESerifFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESansSerifFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEUIFontName",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AcceptLanguage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\*",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\IE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\VML",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_NAVIGATION_SOUNDS",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools\\Options",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\IEDevTools\\Options",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\IEDevTools\\Options",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\IEDevTools\\Options",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\MIMEAssociations\\text/xml\\UserChoice",
        "HKEY_CURRENT_USER\\Software\\Classes\\MIME\\Database\\Content Type\\text/xml",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\MIME\\Database\\Content Type\\text/xml",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text/xml\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\UrlBlock",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\PhishingFilter",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PhishingFilter",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\PhishingFilter",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\Users\\S-1-5-21-3262678163-160926255-2192883574-1002",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROCESS_XML_AS_HTML",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Zones",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\NoProtectedModeBanner",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Low Rights",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Low Rights",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ProtectedModeOffForAllZones",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\CurrentLevel",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{A26CEC36-234C-4950-AE16-E34AACE71D0D}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E9A4A80A-44FE-4DE4-8971-7150B10A5199}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7693E886-51C9-4070-8419-9F70738EC8FA}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AC4CE3CB-E1C1-44CD-8215-5A1665509EC2}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{0DBECEC1-9EB3-4860-9C6F-DDBE86634575}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{72B624DF-AE11-4948-A65C-351EB0829419}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{01B90D9A-8209-47F7-9C52-E1244BF50CED}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{E7E79A30-4F2C-4FAB-8D00-394F2D6BBEBE}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{7F12E753-FC71-43D7-A51D-92F35977ABB5}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{AA94DCC2-B8B0-4898-B835-000AABD74393}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{1765E14E-1BD4-462E-B6B1-590BF1262AC6}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{22C21F93-7DDB-411C-9B17-C5B7BD064ABC}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{ED822C8C-D6BE-4301-A631-0E1416BAD28F}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{6D68D1DE-D432-4B0F-923A-091183A9BDA7}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{076C2A6C-F78F-4C46-A723-3583E70876EA}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{C17CABB2-D4A3-47D7-A557-339B2EFBD4F1}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{9CB5172B-D600-46BA-AB77-77BB7E3A00D9}",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance",
        "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
        "HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\\Instance\\Disabled",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3262678163-160926255-2192883574-1002\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\C:|Users|Rajesh|AppData|Local|Temp|HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-3262678163-160926255-2192883574-1002\\Installer\\Assemblies\\Global",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Assemblies\\Global",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Microsoft Sans Serif",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\AssemblyStorageRoots",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\1400",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct2D",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Direct3D\\Direct2D",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Direct3D",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D\\Drivers",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Size",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Name",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Size",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Name",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\\SecurityDescriptor",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\DirectX\\UserGpuPreferences",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\DirectXUserGlobalSettings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_D3D_MULTITHREADING",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_D3D_DEBUG_LAYER",
        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\GraphicsDrivers",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseSWRender",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\UseSWRender",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU\\AdapterInfo",
        "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\ImplementedInThisVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\RuntimeVersion",
        "HKEY_CLASSES_ROOT\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InprocServer32\\7.0.3300.0",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\CodeBase",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\v4.0_policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.7.0.Microsoft.mshtml__b03f5f7f11d50a3a",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SyncMode5",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\SessionStartTimeDefaultDeltaSecs",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\2\\KnownFolders",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cookies",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CachePrefix",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheLimit",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CachePrefix",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheLimit",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PropertyBag",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\History",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CachePrefix",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheLimit",
        "HKEY_USERS\\.DEFAULT",
        "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
        "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default",
        "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IEDDE_REGISTER_URLECHO",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Ftp",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\FTP\\Use Web Based FTP",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ftp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Avalon.Graphics\\DISPLAY1",
        "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender",
        "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\PrefetchPrerender",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PrefetchPrerender",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\PrefetchPrerender",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\AppCompatClassName",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer",
        "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Input",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BINARY_CALLER_SERVICE_PROVIDER"
      ],
      "read_keys": [
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index36",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\FontCache\\Parameters\\ClientCacheSize",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES_tradnl",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES_tradnl",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fi-FI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fi-FI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-FR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\hu-HU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\hu-HU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\it-IT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\it-IT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nl-NL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nl-NL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nb-NO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nb-NO",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pl-PL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pl-PL",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-BR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-BR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sk-SK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sk-SK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sv-SE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sv-SE",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\tr-TR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\tr-TR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sl-SI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sl-SI",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\vi-VN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\vi-VN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\eu-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\eu-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-MX",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-MX",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-PT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-PT",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-CA",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ko-KR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ko-KR",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-TW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-TW",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-HK",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-CN",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ja-JP",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ja-JP",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-SG",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-SG",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InProcServer32\\Class",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\NavigationDelay",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView\\(Default)",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IEharden",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Zoom\\ZoomDisabled",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\RenderingLoopMaxTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\RtfConverterFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Anchor Underline",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\CSS_Compat",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Expand Alt Text",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Images",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Animations",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XMLHTTP",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DisableScriptDebuggerIE",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Move System Caret",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseHR",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Q300829",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Cleanup HTCs",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XDomainRequest",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\XDomainRequest",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DOMStorage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\DOMStorage",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\JScriptProfileCacheEventDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Default_CodePage",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AutoDetect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSizePrivate",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Visited",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Hover",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Colors",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Size",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Face",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Disable Visited Hyperlinks",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Use Anchor Hover Color",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\MiscFlags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme\\FontScale",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Contexts",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Flags",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Contexts",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSizePrivate",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESerifFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESansSerifFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEUIFontName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AcceptLanguage",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\IE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\VML",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text/xml\\CLSID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\NoProtectedModeBanner",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ProtectedModeOffForAllZones",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
        "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\*",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\1400",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Size",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Size",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\\SecurityDescriptor",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\DirectXUserGlobalSettings",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseSWRender",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\UseSWRender",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU\\AdapterInfo",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\ImplementedInThisVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\RuntimeVersion",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\CodeBase",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SyncMode5",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\SessionStartTimeDefaultDeltaSecs",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cookies",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheLimit",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheLimit",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\History",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheVersion",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheLimit",
        "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default",
        "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\FTP\\Use Web Based FTP",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\HTMLive.exe",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime",
        "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts"
      ],
      "write_keys": [
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CachePrefix",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CachePrefix",
        "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CachePrefix"
      ],
      "delete_keys": [],
      "executed_commands": [],
      "resolved_apis": [],
      "mutexes": [
        "Local\\SM0:4500:168:WilStaging_02",
        "Local\\ZonesCacheCounterMutex",
        "Local\\ZonesLockedCacheCounterMutex",
        "Local\\MSCTF.Asm.MutexDefault2",
        "CicLoadWinStaWinSta0",
        "Local\\MSCTF.CtfMonitorInstMutexDefault2"
      ],
      "created_services": [],
      "started_services": []
    },
    "enhanced": [
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 1,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75670000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 2,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 3,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 4,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 5,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 6,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,885",
        "eid": 7,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 8,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 9,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 10,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 11,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 12,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 13,
        "data": {
          "file": "ADVAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 14,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll",
          "pathtofile": null,
          "moduleaddress": "0x74200000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 15,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 16,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,901",
        "eid": 17,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\InstallRoot",
          "content": "C:\\Windows\\Microsoft.NET\\Framework\\"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,917",
        "eid": 18,
        "data": {
          "file": "SHLWAPI.dll",
          "pathtofile": null,
          "moduleaddress": "0x76200000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,917",
        "eid": 19,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\UseLegacyV2RuntimeActivationPolicyDefaultValue",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,917",
        "eid": 20,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,932",
        "eid": 21,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2.dll",
          "pathtofile": null,
          "moduleaddress": "0x74cf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,932",
        "eid": 22,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,932",
        "eid": 23,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Fusion\\NoClientChecks",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,932",
        "eid": 24,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x741f0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:12,964",
        "eid": 25,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
          "content": "528372"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,995",
        "eid": 26,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:12,995",
        "eid": 27,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,010",
        "eid": 28,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,010",
        "eid": 29,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,010",
        "eid": 30,
        "data": {
          "file": "api-ms-win-core-localization-l1-2-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,010",
        "eid": 31,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,010",
        "eid": 32,
        "data": {
          "file": "api-ms-win-core-fibers-l1-1-1",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 33,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll",
          "pathtofile": null,
          "moduleaddress": "0x73a30000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 34,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 35,
        "data": {
          "file": "USER32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 36,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DisableConfigCache",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 37,
        "data": {
          "file": "api-ms-win-core-quirks-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 38,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 39,
        "data": {
          "file": "api-ms-win-appmodel-runtime-l1-1-2.dll",
          "pathtofile": null,
          "moduleaddress": "0x74cf0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,026",
        "eid": 40,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 41,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 42,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 43,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 44,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 45,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74650000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 46,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:13,042",
        "eid": 47,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 48,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 49,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 50,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 51,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 52,
        "data": {
          "file": "KERNEL32.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 53,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 54,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 55,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 56,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 57,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 58,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 59,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseRetryAttempts",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 60,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\FileInUseMillisecondsBetweenRetries",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 61,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 62,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 63,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 64,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 65,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 66,
        "data": {
          "file": "C:\\Windows\\System32\\combase.dll",
          "pathtofile": null,
          "moduleaddress": "0x75760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 67,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,057",
        "eid": 68,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,073",
        "eid": 69,
        "data": {
          "file": "advapi32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,120",
        "eid": 70,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,120",
        "eid": 71,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\NGen\\Policy\\v4.0\\OptimizeUsedBinaries",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,120",
        "eid": 72,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,120",
        "eid": 73,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,135",
        "eid": 74,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,135",
        "eid": 75,
        "data": {
          "file": "api-ms-win-core-memory-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,151",
        "eid": 76,
        "data": {
          "file": "api-ms-win-core-libraryloader-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,151",
        "eid": 77,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,151",
        "eid": 78,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 79,
        "data": {
          "file": "WTSAPI32.dll",
          "pathtofile": null,
          "moduleaddress": "0x73950000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 80,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 81,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 82,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 83,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000603xx",
          "content": "kernel32.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 84,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75130000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 85,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,198",
        "eid": 86,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,214",
        "eid": 87,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:13,229",
        "eid": 88,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:13,229",
        "eid": 89,
        "data": {
          "file": "C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,323",
        "eid": 90,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\Release",
          "content": "528372"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,323",
        "eid": 91,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,323",
        "eid": 92,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,323",
        "eid": 93,
        "data": {
          "file": "VERSION.dll",
          "pathtofile": null,
          "moduleaddress": "0x741f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,323",
        "eid": 94,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 95,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 96,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 97,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x754f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 98,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 99,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 100,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 101,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 102,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 103,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 104,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 105,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 106,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,370",
        "eid": 107,
        "data": {
          "file": "C:\\Windows\\System32\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x73880000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 108,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize\\AppsUseLightTheme",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 109,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 110,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 111,
        "data": {
          "file": "api-ms-win-core-winrt-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 112,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 113,
        "data": {
          "file": "api-ms-win-core-xstate-l2-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75a80000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 114,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,385",
        "eid": 115,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\FeatureSIMD",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,401",
        "eid": 116,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll",
          "pathtofile": null,
          "moduleaddress": "0x737f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,401",
        "eid": 117,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,448",
        "eid": 118,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,448",
        "eid": 119,
        "data": {
          "file": "api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75760000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,448",
        "eid": 120,
        "data": {
          "file": "C:\\Windows\\System32\\bcryptprimitives.dll",
          "pathtofile": null,
          "moduleaddress": "0x769d0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,510",
        "eid": 121,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
          "content": "36"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,510",
        "eid": 122,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index36",
          "content": "\\xff\\xff\\xff\\xff\\x0f"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:13,510",
        "eid": 123,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
          "content": "\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:13,510",
        "eid": 124,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,526",
        "eid": 125,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,698",
        "eid": 126,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,698",
        "eid": 127,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,729",
        "eid": 128,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75130000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,729",
        "eid": 129,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,760",
        "eid": 130,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,760",
        "eid": 131,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,885",
        "eid": 132,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,885",
        "eid": 133,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,885",
        "eid": 134,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,901",
        "eid": 135,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:13,901",
        "eid": 136,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,057",
        "eid": 137,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,104",
        "eid": 138,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x737a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,167",
        "eid": 139,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,182",
        "eid": 140,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": "0x76f00000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,182",
        "eid": 141,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 142,
        "data": {
          "file": "advapi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 143,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 144,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76320000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 145,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 146,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 147,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 148,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 149,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 150,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,229",
        "eid": 151,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,245",
        "eid": 152,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,260",
        "eid": 153,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,260",
        "eid": 154,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,260",
        "eid": 155,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,260",
        "eid": 156,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 157,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 158,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 159,
        "data": {
          "file": "bcrypt.dll",
          "pathtofile": null,
          "moduleaddress": "0x76090000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 160,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 161,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 162,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,276",
        "eid": 163,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 164,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 165,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 166,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 167,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 168,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 169,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 170,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 171,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 172,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 173,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 174,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 175,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Cryptography\\Defaults\\Provider Types\\Type 024\\Name",
          "content": "Microsoft Enhanced RSA and AES Cryptographic Provider"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,292",
        "eid": 176,
        "data": {
          "file": "C:\\Windows\\System32\\rsaenh.dll",
          "pathtofile": null,
          "moduleaddress": "0x737a0000"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,354",
        "eid": 177,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,417",
        "eid": 178,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,417",
        "eid": 179,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:14,448",
        "eid": 180,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,526",
        "eid": 181,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,573",
        "eid": 182,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,573",
        "eid": 183,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,589",
        "eid": 184,
        "data": {
          "file": "imm32.dll",
          "pathtofile": null,
          "moduleaddress": "0x760b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,589",
        "eid": 185,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x736f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,589",
        "eid": 186,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,589",
        "eid": 187,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,589",
        "eid": 188,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,589",
        "eid": 189,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,620",
        "eid": 190,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,620",
        "eid": 191,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgJITDebugLaunchSetting",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,620",
        "eid": 192,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\DbgManagedDebugger",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,682",
        "eid": 193,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,682",
        "eid": 194,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,682",
        "eid": 195,
        "data": {
          "file": "uxtheme.dll",
          "pathtofile": null,
          "moduleaddress": "0x73880000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,682",
        "eid": 196,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:14,682",
        "eid": 197,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,932",
        "eid": 198,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x754f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,932",
        "eid": 199,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,964",
        "eid": 200,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,964",
        "eid": 201,
        "data": {
          "file": "RichEd20.DLL",
          "pathtofile": null,
          "moduleaddress": "0x73670000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,964",
        "eid": 202,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,964",
        "eid": 203,
        "data": {
          "file": "version.dll",
          "pathtofile": null,
          "moduleaddress": "0x741f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:14,964",
        "eid": 204,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,026",
        "eid": 205,
        "data": {
          "file": "gdiplus.dll",
          "pathtofile": null,
          "moduleaddress": "0x734a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,026",
        "eid": 206,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,026",
        "eid": 207,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,042",
        "eid": 208,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,042",
        "eid": 209,
        "data": {
          "file": "C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\\GdiPlus.dll",
          "pathtofile": null,
          "moduleaddress": "0x734a0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,057",
        "eid": 210,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,057",
        "eid": 211,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,057",
        "eid": 212,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,057",
        "eid": 213,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\FontCache\\Parameters\\ClientCacheSize",
          "content": "4194304"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,073",
        "eid": 214,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,089",
        "eid": 215,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 216,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ca-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 217,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ca-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 218,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\cs-CZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 219,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\cs-CZ",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 220,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\da-DK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 221,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\da-DK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 222,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\de-DE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 223,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\de-DE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 224,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\el-GR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 225,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\el-GR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 226,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES_tradnl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 227,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES_tradnl",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 228,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fi-FI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 229,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fi-FI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 230,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-FR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 231,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-FR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 232,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\hu-HU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 233,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\hu-HU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 234,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\it-IT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 235,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\it-IT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 236,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nl-NL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 237,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nl-NL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,448",
        "eid": 238,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\nb-NO",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 239,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\nb-NO",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 240,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pl-PL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 241,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pl-PL",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 242,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-BR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 243,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-BR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 244,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 245,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ru-RU",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 246,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sk-SK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 247,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sk-SK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 248,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sv-SE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 249,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sv-SE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 250,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\tr-TR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 251,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\tr-TR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 252,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\sl-SI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 253,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\sl-SI",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 254,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\vi-VN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 255,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\vi-VN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 256,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\eu-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 257,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\eu-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 258,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-MX",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 259,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-MX",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 260,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\pt-PT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 261,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\pt-PT",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 262,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\es-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 263,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\es-ES",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 264,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\fr-CA",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 265,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\fr-CA",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:15,464",
        "eid": 266,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,729",
        "eid": 267,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ko-KR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,729",
        "eid": 268,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ko-KR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,745",
        "eid": 269,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-TW",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,745",
        "eid": 270,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-TW",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,745",
        "eid": 271,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-HK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,745",
        "eid": 272,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-HK",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,792",
        "eid": 273,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-CN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,792",
        "eid": 274,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-CN",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,839",
        "eid": 275,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\ja-JP",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,839",
        "eid": 276,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\ja-JP",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,979",
        "eid": 277,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\zh-SG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:15,979",
        "eid": 278,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\zh-SG",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:16,964",
        "eid": 279,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,260",
        "eid": 280,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,323",
        "eid": 281,
        "data": {
          "file": "mscoree.dll",
          "pathtofile": null,
          "moduleaddress": "0x74650000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,323",
        "eid": 282,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,682",
        "eid": 283,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x726e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,682",
        "eid": 284,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll",
          "pathtofile": null,
          "moduleaddress": "0x72c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,682",
        "eid": 285,
        "data": {
          "file": "user32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,698",
        "eid": 286,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,698",
        "eid": 287,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,698",
        "eid": 288,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,714",
        "eid": 289,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\\1.1\\0\\win32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,714",
        "eid": 290,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,714",
        "eid": 291,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,714",
        "eid": 292,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 293,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 294,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 295,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 296,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 297,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 298,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 299,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:18,729",
        "eid": 300,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\ieframe.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 301,
        "data": {
          "file": "sxs.dll",
          "pathtofile": null,
          "moduleaddress": "0x72650000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 302,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 303,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\.NETFramework\\AlwaysReadHKCRForCLSIDs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 304,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{8856F961-340A-11D0-A96B-00C04FD705A2}\\InProcServer32\\Class",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 305,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 306,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 307,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseActivationAuthenticationLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 308,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat\\RaiseDefaultAuthnLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 309,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\DefaultAccessPermission",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,745",
        "eid": 310,
        "data": {
          "file": "C:\\Windows\\system32\\rpcss.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,760",
        "eid": 311,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,760",
        "eid": 312,
        "data": {
          "file": "combase.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,823",
        "eid": 313,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000160-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
          "content": "{00000320-0000-0000-C000-000000000046}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,823",
        "eid": 314,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension",
          "content": "{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,839",
        "eid": 315,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,839",
        "eid": 316,
        "data": {
          "file": "C:\\Windows\\System32\\dataexchange.dll",
          "pathtofile": null,
          "moduleaddress": "0x72610000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,854",
        "eid": 317,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,854",
        "eid": 318,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,854",
        "eid": 319,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,854",
        "eid": 320,
        "data": {
          "file": "C:\\Windows\\system32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-06-28 21:56:18,854",
        "eid": 321,
        "data": {
          "classname": "ApplicationManager_DesktopShellWindow",
          "windowname": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 322,
        "data": {
          "file": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 323,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 324,
        "data": {
          "file": "OLEAUT32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75450000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 325,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 326,
        "data": {
          "file": "PROPSYS.dll",
          "pathtofile": null,
          "moduleaddress": "0x71f90000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 327,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 328,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 329,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 330,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 331,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 332,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 333,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 334,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,917",
        "eid": 335,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,932",
        "eid": 336,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,932",
        "eid": 337,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_INTERNET_SHELL_FOLDERS\\*",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,932",
        "eid": 338,
        "data": {
          "file": "msIso.dll",
          "pathtofile": null,
          "moduleaddress": "0x71f40000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,932",
        "eid": 339,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\NavigationDelay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 340,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 341,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 342,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 343,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 344,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 345,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 346,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 347,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 348,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 349,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 350,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 351,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 352,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 353,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 354,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
          "content": "36"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 355,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 356,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 357,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\FolderValueFlags",
          "content": "131602"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 358,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
          "content": "1048576"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,948",
        "eid": 359,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 360,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 361,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 362,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 363,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 364,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 365,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,964",
        "eid": 366,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,979",
        "eid": 367,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,979",
        "eid": 368,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:18,979",
        "eid": 369,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,995",
        "eid": 370,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\ValidateRegItems",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,995",
        "eid": 371,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\MonitorRegistry",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,995",
        "eid": 372,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
          "content": "%SystemRoot%\\system32\\windows.storage.dll"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,995",
        "eid": 373,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DocObjectView\\(Default)",
          "content": "{C2EA74E0-0ED2-11CF-A9BB-00AA004AE837}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,995",
        "eid": 374,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:18,995",
        "eid": 375,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,010",
        "eid": 376,
        "data": {
          "file": "urlmon.dll",
          "pathtofile": null,
          "moduleaddress": "0x71d90000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,010",
        "eid": 377,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,104",
        "eid": 378,
        "data": {
          "file": "CRYPTBASE.DLL",
          "pathtofile": null,
          "moduleaddress": "0x742c0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,104",
        "eid": 379,
        "data": {
          "file": "msiso.dll",
          "pathtofile": null,
          "moduleaddress": "0x71f40000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,104",
        "eid": 380,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.dll",
          "pathtofile": null,
          "moduleaddress": "0x70b10000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 381,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 382,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 383,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 384,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 385,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 386,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 387,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 388,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 389,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 390,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 391,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,120",
        "eid": 392,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 393,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
          "content": "33"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 394,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
          "content": "219"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 395,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
          "content": "71"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 396,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 397,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 398,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 399,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 400,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
          "content": "33"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 401,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
          "content": "219"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,135",
        "eid": 402,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
          "content": "71"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 403,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 404,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 405,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 406,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 407,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 408,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 409,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 410,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 411,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 412,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 413,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 414,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 415,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 416,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,151",
        "eid": 417,
        "data": {
          "file": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,167",
        "eid": 418,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,167",
        "eid": 419,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x726e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,167",
        "eid": 420,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 421,
        "data": {
          "file": "OLEAUT32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 422,
        "data": {
          "file": "oleaut32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 423,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 424,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 425,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 426,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 427,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 428,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 429,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 430,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 431,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 432,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 433,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 434,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 435,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 436,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 437,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,198",
        "eid": 438,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2703",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,229",
        "eid": 439,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,245",
        "eid": 440,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 441,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 442,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 443,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IEharden",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 444,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 445,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 446,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 447,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 448,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 449,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 450,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 451,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 452,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 453,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,260",
        "eid": 454,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 455,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Zoom\\ZoomDisabled",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 456,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 457,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\MinimumSystemTimerResolution",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 458,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\RenderingLoopMaxTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 459,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 460,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 461,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 462,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 463,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 464,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 465,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 466,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 467,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 468,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 469,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\RtfConverterFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 470,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 471,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Anchor Underline",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 472,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\CSS_Compat",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 473,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Expand Alt Text",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 474,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Images",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 475,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 476,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Display Inline Videos",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 477,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 478,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Play_Animations",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 479,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 480,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 481,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\SmoothScroll",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 482,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XMLHTTP",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 483,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 484,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Show image placeholders",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 485,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 486,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DisableScriptDebuggerIE",
          "content": "yes"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 487,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 488,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Disable Diagnostics Mode",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 489,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Move System Caret",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 490,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 491,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\Enable AutoImageResize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 492,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseHR",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 493,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Q300829",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 494,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Cleanup HTCs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 495,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\XDomainRequest",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 496,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\XDomainRequest",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 497,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\DOMStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 498,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\DOMStorage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 499,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\JScriptProfileCacheEventDelay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 500,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Default_CodePage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 501,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AutoDetect",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 502,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSizePrivate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 503,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\Default_IEFontSizePrivate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 504,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color",
          "content": "0,0,255"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 505,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Visited",
          "content": "128,0,128"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 506,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Anchor Color Hover",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 507,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Colors",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 508,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Size",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 509,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Always Use My Font Face",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 510,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Disable Visited Hyperlinks",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 511,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\Use Anchor Hover Color",
          "content": "No"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,276",
        "eid": 512,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Settings\\MiscFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 513,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 514,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 515,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 516,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 517,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\Theme\\FontScale",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 518,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 519,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\(Default)",
          "content": "res://C:\\PROGRA~1\\Microsoft Office\\Office16\\EXCEL.EXE/3000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 520,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Flags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 521,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\E&xport to Microsoft Excel\\Contexts",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 522,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\(Default)",
          "content": "res://C:\\PROGRA~1\\Microsoft Office\\Office16\\ONBttnIE.dll/105"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 523,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Flags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 524,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\MenuExt\\Se&nd to OneNote\\Contexts",
          "content": "55"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 525,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950",
          "content": "c_950.nls"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 526,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 527,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 528,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSizePrivate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 529,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName",
          "content": "Times New Roman"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 530,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName",
          "content": "Courier New"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 531,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESerifFontName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 532,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESansSerifFontName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 533,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEUIFontName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 534,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\AcceptLanguage",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 535,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 536,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\*",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 537,
        "data": {
          "file": "MSHTML.dll",
          "pathtofile": null,
          "moduleaddress": "0x70b10000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 538,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\IE",
          "content": "9.0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 539,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Version Vector\\VML",
          "content": "1.0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 540,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
          "content": "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 541,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 542,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 543,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 544,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2700",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 545,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76320000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 546,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 547,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\text/xml\\CLSID",
          "content": "{48123BC4-99D9-11D1-A6B3-00C04FD91555}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 548,
        "data": {
          "file": "urlmon.dll",
          "pathtofile": null,
          "moduleaddress": "0x71d90000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 549,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 550,
        "data": {
          "file": "WLDP.DLL",
          "pathtofile": null,
          "moduleaddress": "0x746b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,292",
        "eid": 551,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 552,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 553,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER\\*",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 554,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 555,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 556,
        "data": {
          "classname": "MS_AutodialMonitor",
          "windowname": ""
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 557,
        "data": {
          "classname": "MS_WebCheckMonitor",
          "windowname": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 558,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 559,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 560,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 561,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\NoProtectedModeBanner",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 562,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ProtectedModeOffForAllZones",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 563,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 564,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 565,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Icon",
          "content": "shell32.dll#0016"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 566,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\MinLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 567,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\RecommendedLevel",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 568,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\CurrentLevel",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 569,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
          "content": "33"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 570,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon",
          "content": "shell32.dll#0018"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 571,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel",
          "content": "65536"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 572,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel",
          "content": "66816"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 573,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel",
          "content": "66816"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 574,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
          "content": "219"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,307",
        "eid": 575,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 576,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 577,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon",
          "content": "inetcpl.cpl#00004480"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 578,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel",
          "content": "65536"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 579,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel",
          "content": "69632"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 580,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel",
          "content": "69632"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 581,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
          "content": "71"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 582,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 583,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 584,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 585,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon",
          "content": "inetcpl.cpl#001313"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 586,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel",
          "content": "69632"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 587,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel",
          "content": "70912"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 588,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel",
          "content": "70912"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 589,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 590,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 591,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 592,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 593,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon",
          "content": "inetcpl.cpl#00004481"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 594,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel",
          "content": "73728"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 595,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel",
          "content": "73728"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 596,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel",
          "content": "73728"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 597,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
          "content": "3"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 598,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 599,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,323",
        "eid": 600,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,448",
        "eid": 601,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,448",
        "eid": 602,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
          "content": "C:\\Windows\\Fonts\\staticcache.dat"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:19,464",
        "eid": 603,
        "data": {
          "file": "C:\\Windows\\Fonts\\StaticCache.dat"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 604,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 605,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 606,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 607,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 608,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
          "content": "SimSun-ExtB"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 609,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 610,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 611,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 612,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 613,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 614,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 615,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 616,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 617,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 618,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 619,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 620,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 621,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,479",
        "eid": 622,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:19,573",
        "eid": 623,
        "data": {
          "file": "WindowsCodecs.dll",
          "pathtofile": null,
          "moduleaddress": "0x70860000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:19,823",
        "eid": 624,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,120",
        "eid": 625,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,120",
        "eid": 626,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,120",
        "eid": 627,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,120",
        "eid": 628,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,120",
        "eid": 629,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,120",
        "eid": 630,
        "data": {
          "file": "kernel32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,401",
        "eid": 631,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,401",
        "eid": 632,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,401",
        "eid": 633,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,401",
        "eid": 634,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,401",
        "eid": 635,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,401",
        "eid": 636,
        "data": {
          "file": "C:\\Windows\\win.ini"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,417",
        "eid": 637,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\SideBySide\\PreferExternalManifest",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,432",
        "eid": 638,
        "data": {
          "file": "ole32.dll",
          "pathtofile": null,
          "moduleaddress": "0x754f0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,432",
        "eid": 639,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension",
          "content": "{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,432",
        "eid": 640,
        "data": {
          "file": "C:\\Windows\\system32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-06-28 21:56:20,432",
        "eid": 641,
        "data": {
          "classname": "ApplicationManager_DesktopShellWindow",
          "windowname": ""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,448",
        "eid": 642,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,448",
        "eid": 643,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,448",
        "eid": 644,
        "data": {
          "file": "shell32.dll",
          "pathtofile": null,
          "moduleaddress": "0x76320000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,448",
        "eid": 645,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,510",
        "eid": 646,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,510",
        "eid": 647,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE\\LaunchUserOOBE",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,526",
        "eid": 648,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 649,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 650,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 651,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 652,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 653,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 654,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 655,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 656,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 657,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 658,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 659,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,557",
        "eid": 660,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,573",
        "eid": 661,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,573",
        "eid": 662,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,573",
        "eid": 663,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,573",
        "eid": 664,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,573",
        "eid": 665,
        "data": {
          "file": "USER32",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,729",
        "eid": 666,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,729",
        "eid": 667,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\*",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,729",
        "eid": 668,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 669,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\1400",
          "content": "0"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 670,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSize",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 671,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFontSizePrivate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 672,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEPropFontName",
          "content": "Times New Roman"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 673,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEFixedFontName",
          "content": "Courier New"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 674,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESerifFontName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 675,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IESansSerifFontName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 676,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\International\\Scripts\\3\\IEUIFontName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 677,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 678,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 679,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 680,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 681,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
          "content": "0"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 682,
        "data": {
          "file": "ieframe.dll",
          "pathtofile": null,
          "moduleaddress": "0x72c60000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 683,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,745",
        "eid": 684,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,760",
        "eid": 685,
        "data": {
          "file": "C:\\Windows\\System32\\msimtf.dll",
          "pathtofile": null,
          "moduleaddress": "0x70360000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,760",
        "eid": 686,
        "data": {
          "file": "ext-ms-win-ntuser-touch-hittest-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,760",
        "eid": 687,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 688,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 689,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 690,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 691,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 692,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 693,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Size",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,776",
        "eid": 694,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 695,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Size",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 696,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Name",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 697,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 698,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 699,
        "data": {
          "file": "csrsrv.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 700,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 701,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 702,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 703,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\\SecurityDescriptor",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 704,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SecurityManager\\TransientObjects\\%5C%5C.%5CRpc%5CAllowLpacAppExperience%5CInterface\\SecurityDescriptor",
          "content": "\\x01\\x00\\x04\\x80\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x02\\x00\\xf4\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\xff\\xff\\x1f\\x11\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x04\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x10\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x0b\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\xff\\xff\\x1f\\x11\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x05\\x12\\x00\\x00\\x00\\x00\\x00\\x18\\x00\\xff\\xff\\x1f\\x11\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00 \\x02\\x00\\x00\\x00\\x004\\x00\\x00\\x00\\x00\\x10\\x01\t\\x00\\x00\\x00\\x00\\x00\\x05 \\x00\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U\\x00\\x00\\x18\\x00\\x00\\x00\\x00\\x10\\x01\\x02\\x00\\x00\\x00\\x00\\x00\\x0f\\x02\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x008\\x00\\x00\\x00\\x00\\x10\\x01\n\\x00\\x00\\x00\\x00\\x00\\x0f\\x03\\x00\\x00\\x00\\x00\\x04\\x00\\x00\\xceJ\\x93Y\\xb9\\xcf\\x0buu\\xc0\\xf2\\x9b\\xb2\\xb4\\xc2\\x98\\xd4F\\xdd\\xf9\\x02z\\x87\\xec\\x14e\\x11w\\xd6\\xe9\\x96U"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,792",
        "eid": 705,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 706,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\DirectXUserGlobalSettings",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 707,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\DirectX\\UserGpuPreferences\\C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 708,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 709,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 710,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 711,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 712,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 713,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 714,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 715,
        "data": {
          "file": "DXGI",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,807",
        "eid": 716,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,823",
        "eid": 717,
        "data": {
          "file": "d3d10warp.dll",
          "pathtofile": null,
          "moduleaddress": "0x6f870000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,823",
        "eid": 718,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,823",
        "eid": 719,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock\\AllowDevelopmentWithoutDevLicense",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 720,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Size",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 721,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\Drivers\\Name",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 722,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Size",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 723,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Direct3D\\DX6TextureEnumInclusionList\\Name",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 724,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 725,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 726,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 727,
        "data": {
          "file": "DDRAW.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 728,
        "data": {
          "file": "D3D8.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 729,
        "data": {
          "file": "D3D9.DLL",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,839",
        "eid": 730,
        "data": {
          "file": "api-ms-win-core-synch-l1-2-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,854",
        "eid": 731,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Main\\UseSWRender",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,854",
        "eid": 732,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\UseSWRender",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,854",
        "eid": 733,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU\\AdapterInfo",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,854",
        "eid": 734,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\GPU\\AdapterInfo",
          "content": "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"Hypervisor detected (Microsoft Hypervisor with SLAT support detected)\""
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,870",
        "eid": 735,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,870",
        "eid": 736,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,870",
        "eid": 737,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,870",
        "eid": 738,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 739,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 740,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 741,
        "data": {
          "file": "user32",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 742,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 743,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 744,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,885",
        "eid": 745,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,901",
        "eid": 746,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,901",
        "eid": 747,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,901",
        "eid": 748,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,901",
        "eid": 749,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "file",
        "timestamp": "2026-06-28 21:56:20,901",
        "eid": 750,
        "data": {
          "file": "C:\\Windows\\SysWOW64\\mshtml.tlb"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 751,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\ImplementedInThisVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 752,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 753,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 754,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\RuntimeVersion",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 755,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\RuntimeVersion",
          "content": "v1.0.3705"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 756,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 757,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Class",
          "content": "mshtml.HTMLDocumentClass"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 758,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 759,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\Assembly",
          "content": "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 760,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\7.0.3300.0\\CodeBase",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 761,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 762,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{25336920-03F9-11CF-8FD0-00AA00686F13}\\InProcServer32\\(Default)",
          "content": "C:\\Windows\\SysWOW64\\mshtml.dll"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:20,917",
        "eid": 763,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,026",
        "eid": 764,
        "data": {
          "file": "kernel32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75130000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,026",
        "eid": 765,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,026",
        "eid": 766,
        "data": {
          "file": "wldp.dll",
          "pathtofile": null,
          "moduleaddress": "0x746b0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,026",
        "eid": 767,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,042",
        "eid": 768,
        "data": {
          "file": "Secur32.dll",
          "pathtofile": null,
          "moduleaddress": "0x6f830000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,042",
        "eid": 769,
        "data": {
          "file": "MLANG.dll",
          "pathtofile": null,
          "moduleaddress": "0x6f7f0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,057",
        "eid": 770,
        "data": {
          "file": "WININET.dll",
          "pathtofile": null,
          "moduleaddress": "0x6f3a0000"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,057",
        "eid": 771,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SyncMode5",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,057",
        "eid": 772,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\SessionStartTimeDefaultDeltaSecs",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,057",
        "eid": 773,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,057",
        "eid": 774,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
          "content": "Local AppData"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,057",
        "eid": 775,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 776,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 777,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
          "content": "AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 778,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 779,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 780,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 781,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 782,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 783,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 784,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 785,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 786,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 787,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 788,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 789,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 790,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 791,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 792,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 793,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 794,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 795,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 796,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Name",
          "content": "Cache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 797,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 798,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 799,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\RelativePath",
          "content": "Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 800,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 801,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 802,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 803,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 804,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 805,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 806,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 807,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 808,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 809,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 810,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 811,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 812,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 813,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 814,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 815,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 816,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
          "content": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 817,
        "data": {
          "file": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 818,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 819,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 820,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,073",
        "eid": 821,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Name",
          "content": "Cookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 822,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 823,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 824,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\RelativePath",
          "content": "Microsoft\\Windows\\INetCookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 825,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 826,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 827,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 828,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 829,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 830,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 831,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 832,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\LocalRedirectOnly",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 833,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 834,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 835,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 836,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 837,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 838,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 839,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 840,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 841,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cookies",
          "content": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 842,
        "data": {
          "file": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 843,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 844,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 845,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheVersion",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 846,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Content\\CacheLimit",
          "content": "337920"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 847,
        "data": {
          "file": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 848,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 849,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 850,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheVersion",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 851,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Cookies\\CacheLimit",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,089",
        "eid": 852,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Category",
          "content": "4"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 853,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Name",
          "content": "History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 854,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParentFolder",
          "content": "{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 855,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Description",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 856,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\RelativePath",
          "content": "Microsoft\\Windows\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 857,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\ParsingName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 858,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InfoTip",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 859,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalizedName",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 860,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Icon",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 861,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Security",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 862,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResource",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 863,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\StreamResourceType",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 864,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\LocalRedirectOnly",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 865,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Roamable",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 866,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PreCreate",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 867,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Stream",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 868,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\PublishExpandedPath",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 869,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\DefinitionFlags",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 870,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\Attributes",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 871,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\FolderTypeID",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 872,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\InitFolderHandler",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 873,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\History",
          "content": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\History"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 874,
        "data": {
          "file": "C:\\Users\\Rajesh"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 875,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local"
        }
      },
      {
        "event": "create",
        "object": "dir",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 876,
        "data": {
          "file": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\History"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 877,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheVersion",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 878,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\History\\CacheLimit",
          "content": "1"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 879,
        "data": {
          "regkey": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Cache",
          "content": "%USERPROFILE%\\AppData\\Local\\Microsoft\\Windows\\INetCache"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 880,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,104",
        "eid": 881,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default",
          "content": "%SystemDrive%\\Users\\Default"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,120",
        "eid": 882,
        "data": {
          "regkey": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
          "content": "%USERPROFILE%\\AppData\\Local"
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,120",
        "eid": 883,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,120",
        "eid": 884,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Default",
          "content": "%SystemDrive%\\Users\\Default"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,120",
        "eid": 885,
        "data": {
          "file": "WKSCAL.EXE",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,135",
        "eid": 886,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\Extensions\\DragDropExtension",
          "content": "{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,135",
        "eid": 887,
        "data": {
          "file": "C:\\Windows\\system32\\twinapi.appcore.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "findwindow",
        "object": "windowname",
        "timestamp": "2026-06-28 21:56:21,135",
        "eid": 888,
        "data": {
          "classname": "ApplicationManager_DesktopShellWindow",
          "windowname": ""
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,135",
        "eid": 889,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\FTP\\Use Web Based FTP",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,135",
        "eid": 890,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\HTMLive.exe",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:21,135",
        "eid": 891,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,151",
        "eid": 892,
        "data": {
          "file": "C:\\Windows\\system32\\gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,151",
        "eid": 893,
        "data": {
          "file": "C:\\Windows\\system32\\user32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,167",
        "eid": 894,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,167",
        "eid": 895,
        "data": {
          "file": "dwrite.dll",
          "pathtofile": null,
          "moduleaddress": "0x73290000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,182",
        "eid": 896,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,182",
        "eid": 897,
        "data": {
          "file": "DXCaptureReplay.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,182",
        "eid": 898,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,182",
        "eid": 899,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,182",
        "eid": 900,
        "data": {
          "file": "gdi32.dll",
          "pathtofile": null,
          "moduleaddress": "0x75010000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,198",
        "eid": 901,
        "data": {
          "file": "api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": "0x75d20000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:21,198",
        "eid": 902,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:22,464",
        "eid": 903,
        "data": {
          "file": "C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x00000000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:22,479",
        "eid": 904,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:22,479",
        "eid": 905,
        "data": {
          "file": "comctl32.dll",
          "pathtofile": null,
          "moduleaddress": "0x726e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:22,479",
        "eid": 906,
        "data": {
          "file": null,
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:22,604",
        "eid": 907,
        "data": {
          "file": "C:\\Windows\\System32\\msctf.dll",
          "pathtofile": null,
          "moduleaddress": "0x768e0000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:35,276",
        "eid": 908,
        "data": {
          "file": "C:\\Windows\\system32\\Msimtf.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:35,276",
        "eid": 909,
        "data": {
          "file": "C:\\Windows\\System32\\msimtf.dll",
          "pathtofile": null,
          "moduleaddress": "0x70360000"
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:35,276",
        "eid": 910,
        "data": {
          "file": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:35,292",
        "eid": 911,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:35,292",
        "eid": 912,
        "data": {
          "file": "ntdll.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,292",
        "eid": 913,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\IsVailContainer",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,292",
        "eid": 914,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,292",
        "eid": 915,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts",
          "content": null
        }
      },
      {
        "event": "load",
        "object": "library",
        "timestamp": "2026-06-28 21:56:35,292",
        "eid": 916,
        "data": {
          "file": "iertutil.dll",
          "pathtofile": null,
          "moduleaddress": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 917,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 918,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 919,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 920,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 921,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 922,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 923,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,354",
        "eid": 924,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 925,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 926,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 927,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 928,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 929,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 930,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 931,
        "data": {
          "regkey": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      },
      {
        "event": "read",
        "object": "registry",
        "timestamp": "2026-06-28 21:56:35,370",
        "eid": 932,
        "data": {
          "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
          "content": null
        }
      }
    ],
    "encryptedbuffers": [],
    "network_map": {
      "endpoint_map": {},
      "http_host_map": {},
      "dns_intents": {},
      "http_requests": [],
      "winhttp_sessions": [],
      "com_activations": []
    }
  },
  "debug": {
    "log": "2026-06-28 14:55:57,564 [root] INFO: Date set to: 20260629T10:54:37, timeout set to: 25\n2026-06-29 10:54:37,554 [root] DEBUG: Starting analyzer from: C:\\7d7wfxi0\n2026-06-29 10:54:37,555 [root] DEBUG: Storing results at: C:\\jXRqFQqtn\n2026-06-29 10:54:37,690 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\SRwXNL\n2026-06-29 10:54:37,693 [root] DEBUG: Python path: C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314\n2026-06-29 10:54:37,693 [root] INFO: analysis running as an admin\n2026-06-29 10:54:37,693 [root] INFO: analysis package specified: \"exe\"\n2026-06-29 10:54:37,693 [root] DEBUG: importing analysis package module: \"modules.packages.exe\"...\n2026-06-29 10:54:37,706 [root] DEBUG: imported analysis package \"exe\"\n2026-06-29 10:54:37,706 [root] DEBUG: initializing analysis package \"exe\"...\n2026-06-29 10:54:37,706 [lib.common.common] INFO: no wrapping\n2026-06-29 10:54:37,706 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-29 10:54:37,707 [root] DEBUG: New location of moved file: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe\n2026-06-29 10:54:37,707 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll option\n2026-06-29 10:54:37,707 [root] INFO: Analyzer: Package modules.packages.exe does not specify a dll_64 option\n2026-06-29 10:54:37,708 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option\n2026-06-29 10:54:37,708 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option\n2026-06-29 10:54:39,834 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-06-29 10:54:39,844 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-06-29 10:54:39,944 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-06-28 14:56:01,645 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-06-28 14:56:01,651 
[lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-06-28 14:56:01,652 [lib.api.screenshot] ERROR: No module named 'PIL'\n2026-06-28 14:56:01,653 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-06-28 14:56:01,660 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-06-28 14:56:01,660 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-06-28 14:56:01,661 [root] DEBUG: attempting to configure 'Browser' from data\n2026-06-28 14:56:01,663 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-06-28 14:56:01,664 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-06-28 14:56:01,670 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-06-28 14:56:01,672 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-06-28 14:56:01,673 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-06-28 14:56:01,674 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-06-28 14:56:01,675 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-06-28 14:56:01,675 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-06-28 14:56:02,351 [modules.auxiliary.digisig] DEBUG: File has an invalid signature\n2026-06-28 14:56:02,352 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-06-28 14:56:02,360 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-06-28 14:56:02,361 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-06-28 14:56:02,361 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-06-28 14:56:02,361 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-06-28 14:56:02,362 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-06-28 14:56:02,364 [modules.auxiliary.disguise] INFO: Launched background process 
notepad.exe hidden (PID: 836)\n2026-06-28 14:56:02,370 [modules.auxiliary.disguise] INFO: Disguising GUID to e06ee56f-3f97-4fb9-8eff-130f7e2f067f\n2026-06-28 14:56:02,370 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-06-28 14:56:02,370 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-06-28 14:56:02,371 [root] DEBUG: attempting to configure 'Human' from data\n2026-06-28 14:56:02,371 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-06-28 14:56:02,372 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-06-28 14:56:02,373 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-06-28 14:56:02,373 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-06-28 14:56:02,374 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-06-28 14:56:02,375 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-06-28 14:56:02,375 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-06-28 14:56:02,384 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled\n2026-06-28 14:56:02,384 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-06-28 14:56:02,385 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-06-28 14:56:02,385 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-06-28 14:56:02,385 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-06-28 14:56:02,385 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-06-28 14:56:02,389 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process\n2026-06-28 14:56:02,389 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-06-28 14:56:08,369 [root] INFO: Restarting WMI Service\n2026-06-28 14:56:10,571 [root] DEBUG: package 
modules.packages.exe does not support configure, ignoring\n2026-06-28 14:56:10,574 [root] WARNING: configuration error for package modules.packages.exe: error importing data.packages.exe: No module named 'data.packages'\n2026-06-28 14:56:10,575 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-28 14:56:10,585 [lib.api.process] INFO: Successfully executed process from path \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe\" with arguments \"\" with pid 4500\n2026-06-28 14:56:10,586 [lib.api.process] INFO: Monitor config for process 4500: C:\\7d7wfxi0\\dll\\4500.ini\n2026-06-28 14:56:10,604 [lib.api.process] INFO: 32-bit DLL to inject is C:\\7d7wfxi0\\dll\\KYwIXTPC.dll, loader C:\\7d7wfxi0\\bin\\cyFsYoS.exe\n2026-06-28 14:56:10,630 [root] DEBUG: Loader: Injecting process 4500 (thread 2784) with C:\\7d7wfxi0\\dll\\KYwIXTPC.dll.\n2026-06-28 14:56:10,631 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.\n2026-06-28 14:56:10,632 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.\n2026-06-28 14:56:10,633 [root] DEBUG: Successfully injected DLL C:\\7d7wfxi0\\dll\\KYwIXTPC.dll.\n2026-06-28 14:56:10,637 [lib.api.process] INFO: Injected into 32-bit <Process 4500 HTMLive.exe>\n2026-06-28 14:56:12,652 [lib.api.process] INFO: Successfully resumed process with pid 4500\n2026-06-28 14:56:12,710 [root] DEBUG: 4500: Python path set to 'C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314'.\n2026-06-28 14:56:12,715 [root] DEBUG: 4500: Disabling sleep skipping.\n2026-06-28 14:56:12,716 [root] DEBUG: 4500: Dropped file limit defaulting to 100.\n2026-06-28 14:56:12,745 [root] DEBUG: 4500: YaraInit: Compiled 44 rule files\n2026-06-28 14:56:12,749 [root] DEBUG: 4500: YaraInit: Compiled rules saved to file C:\\7d7wfxi0\\data\\yara\\capemon.yac\n2026-06-28 14:56:12,750 [root] DEBUG: 4500: YaraScan: Scanning 0x00B60000, size 0x218\n2026-06-28 14:56:12,755 [root] DEBUG: 4500: Monitor 
initialised: 32-bit capemon loaded in process 4500 at 0x742d0000, thread 2784, image base 0xb60000, stack from 0xf32000-0xf40000\n2026-06-28 14:56:12,756 [root] DEBUG: 4500: Commandline: \"C:\\Users\\Rajesh\\AppData\\Local\\Temp\\HTMLive.exe\"\n2026-06-28 14:56:12,825 [root] DEBUG: 4500: hook_api: LdrpCallInitRoutine export address 0x76F72980 obtained via GetFunctionAddress\n2026-06-28 14:56:12,853 [root] DEBUG: 4500: hook_api: Warning - SetWindowLongW export address 0x75D57CC0 differs from GetProcAddress -> 0x745E5820 (apphelp.dll::0xfe8c5820)\n2026-06-28 14:56:12,855 [root] DEBUG: 4500: hook_api: Warning - EnumDisplayDevicesA export address 0x75D4BE40 differs from GetProcAddress -> 0x745E65C0 (apphelp.dll::0xfe8c65c0)\n2026-06-28 14:56:12,856 [root] DEBUG: 4500: hook_api: Warning - EnumDisplayDevicesW export address 0x75D62430 differs from GetProcAddress -> 0x7460E230 (apphelp.dll::0xfe8ee230)\n2026-06-28 14:56:12,859 [root] DEBUG: 4500: hook_api: Trampoline creation failed for GetCommandLineA, retrying with HOOK_SAFEST\n2026-06-28 14:56:12,860 [root] DEBUG: 4500: hook_api: Trampoline creation failed for GetCommandLineW, retrying with HOOK_SAFEST\n2026-06-28 14:56:12,875 [root] DEBUG: 4500: Hooked 635 out of 635 functions\n2026-06-28 14:56:12,876 [root] DEBUG: 4500: Syscall hook installed, syscall logging level 1\n2026-06-28 14:56:12,886 [root] INFO: Loaded monitor into process with pid 4500\n2026-06-28 14:56:12,908 [root] DEBUG: 4500: DLL loaded at 0x74200000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei (0x8d000 bytes).\n2026-06-28 14:56:12,936 [root] DEBUG: 4500: DLL loaded at 0x74CF0000: C:\\Windows\\SYSTEM32\\kernel.appcore (0xf000 bytes).\n2026-06-28 14:56:12,939 [root] DEBUG: 4500: DLL loaded at 0x741F0000: C:\\Windows\\SYSTEM32\\VERSION (0x8000 bytes).\n2026-06-28 14:56:12,999 [root] DEBUG: 4500: DLL loaded at 0x73960000: C:\\Windows\\SYSTEM32\\ucrtbase_clr0400 (0xab000 bytes).\n2026-06-28 14:56:13,001 [root] DEBUG: 4500: DLL loaded at 
0x73A10000: C:\\Windows\\SYSTEM32\\VCRUNTIME140_CLR0400 (0x14000 bytes).\n2026-06-28 14:56:13,003 [root] DEBUG: 4500: DLL loaded at 0x73A30000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr (0x7b1000 bytes).\n2026-06-28 14:56:13,152 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x01293000, size: 0x1000.\n2026-06-28 14:56:13,153 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x01290000\n2026-06-28 14:56:13,183 [root] DEBUG: 4500: api-rate-cap: NtQueryPerformanceCounter hook disabled due to rate\n2026-06-28 14:56:13,195 [root] DEBUG: 4500: DLL loaded at 0x73950000: C:\\Windows\\SYSTEM32\\WTSAPI32 (0xf000 bytes).\n2026-06-28 14:56:13,209 [root] DEBUG: 4500: DLL loaded at 0x73900000: C:\\Windows\\SYSTEM32\\WINSTA (0x47000 bytes).\n2026-06-28 14:56:13,338 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x07B20000, size: 0x1000.\n2026-06-28 14:56:13,372 [root] DEBUG: 4500: DLL loaded at 0x769D0000: C:\\Windows\\System32\\bcryptPrimitives (0x5f000 bytes).\n2026-06-28 14:56:13,379 [root] DEBUG: 4500: DLL loaded at 0x73880000: C:\\Windows\\system32\\uxtheme (0x74000 bytes).\n2026-06-28 14:56:13,397 [root] DEBUG: 4500: hook_api: clrjit::compileMethod export address 0x737F3700 obtained via GetFunctionAddress\n2026-06-28 14:56:13,401 [root] DEBUG: 4500: DLL loaded at 0x737F0000: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit (0x8a000 bytes).\n2026-06-28 14:56:13,420 [root] DEBUG: 4500: .NET JIT native cache at 0x07B20000: scans and dumps active.\n2026-06-28 14:56:13,433 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07B20000 skipped\n2026-06-28 14:56:13,495 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x04645000, size: 0x1000.\n2026-06-28 14:56:13,497 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x04640000\n2026-06-28 14:56:13,508 [root] DEBUG: 4500: AllocationHandler: Allocation already 
in tracked region list: 0x07B20000.\n2026-06-28 14:56:13,684 [root] DEBUG: 4500: .NET JIT native cache at 0x07CF0000: scans and dumps active.\n2026-06-28 14:56:13,691 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07CF0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07CF2F53, thread 2784).\n2026-06-28 14:56:13,692 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07CF0000 skipped\n2026-06-28 14:56:13,693 [root] DEBUG: 4500: AllocationHandler: Allocation already in tracked region list: 0x01290000.\n2026-06-28 14:56:13,731 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x07CF0000, committing at: 0x07CF9000.\n2026-06-28 14:56:13,785 [root] DEBUG: 4500: .NET JIT native cache at 0x07D40000: scans and dumps active.\n2026-06-28 14:56:13,792 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07D40000 to tracked regions list (ntdll::NtQueryInformationThread returns to 0x07D41341, thread 2784).\n2026-06-28 14:56:13,793 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07D40000 skipped\n2026-06-28 14:56:14,059 [root] DEBUG: 4500: .NET JIT native cache at 0x07E40000: scans and dumps active.\n2026-06-28 14:56:14,062 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07E40000 to tracked regions list (ntdll::LdrGetDllHandle returns to 0x07E40A1A, thread 2784).\n2026-06-28 14:56:14,063 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07E40000 skipped\n2026-06-28 14:56:14,104 [root] DEBUG: 4500: DLL loaded at 0x737D0000: C:\\Windows\\SYSTEM32\\CRYPTSP (0x13000 bytes).\n2026-06-28 14:56:14,107 [root] DEBUG: 4500: DLL loaded at 0x737A0000: C:\\Windows\\system32\\rsaenh (0x2f000 bytes).\n2026-06-28 14:56:14,128 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x0463A000, size: 0x1000.\n2026-06-28 14:56:14,207 [root] DEBUG: 4500: .NET JIT native cache at 0x07E70000: scans and dumps active.\n2026-06-28 14:56:14,209 [root] DEBUG: 4500: 
caller_dispatch: Added region at 0x07E70000 to tracked regions list (ntdll::NtCreateFile returns to 0x07E700F3, thread 2784).\n2026-06-28 14:56:14,209 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07E70000 skipped\n2026-06-28 14:56:14,241 [root] DEBUG: 4500: DLL loaded at 0x746B0000: C:\\Windows\\SYSTEM32\\Wldp (0x24000 bytes).\n2026-06-28 14:56:14,244 [root] DEBUG: 4500: DLL loaded at 0x746E0000: C:\\Windows\\SYSTEM32\\windows.storage (0x608000 bytes).\n2026-06-28 14:56:14,247 [root] DEBUG: 4500: DLL loaded at 0x755E0000: C:\\Windows\\System32\\SHCORE (0x87000 bytes).\n2026-06-28 14:56:14,253 [root] DEBUG: 4500: DLL loaded at 0x73780000: C:\\Windows\\SYSTEM32\\profapi (0x18000 bytes).\n2026-06-28 14:56:14,370 [root] DEBUG: 4500: .NET JIT native cache at 0x07F70000: scans and dumps active.\n2026-06-28 14:56:14,380 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07F70000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07F70422, thread 2784).\n2026-06-28 14:56:14,381 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07F70000 skipped\n2026-06-28 14:56:14,491 [root] DEBUG: 4500: .NET JIT native cache at 0x07F30000: scans and dumps active.\n2026-06-28 14:56:14,498 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07F30000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07F30778, thread 2784).\n2026-06-28 14:56:14,499 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07F30000 skipped\n2026-06-28 14:56:14,591 [root] DEBUG: 4500: DLL loaded at 0x736F0000: C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1110_none_c0da534e38c01f4d\\comctl32 (0x8d000 bytes).\n2026-06-28 14:56:14,608 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x07F30000, committing at: 0x07F3E000.\n2026-06-28 14:56:14,610 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x012AD000, size: 0x1000.\n2026-06-28 
14:56:14,625 [root] DEBUG: 4500: .NET JIT native cache at 0x07FA0000: scans and dumps active.\n2026-06-28 14:56:14,627 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07FA0000 to tracked regions list (ntdll::LdrGetDllHandle returns to 0x07FA0689, thread 2784).\n2026-06-28 14:56:14,628 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07FA0000 skipped\n2026-06-28 14:56:14,706 [root] DEBUG: 4500: InstrumentationCallback: Added region at 0x751524AC (base 0x75130000) to tracked regions list (thread 2784).\n2026-06-28 14:56:14,707 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-28 14:56:14,709 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x07FA0000, committing at: 0x07FA8000.\n2026-06-28 14:56:14,723 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x7FCF0000, size: 0x50000.\n2026-06-28 14:56:14,724 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x7FCF0000\n2026-06-28 14:56:14,725 [root] DEBUG: 4500: AllocationHandler: Processing previous tracked region at: 0x07FA0000.\n2026-06-28 14:56:14,726 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07FA0000 skipped\n2026-06-28 14:56:14,727 [root] DEBUG: 4500: AllocationHandler: Memory region (size 0x50000) reserved but not committed at 0x7FCF0000.\n2026-06-28 14:56:14,728 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x7FCF0000, committing at: 0x7FCF0000.\n2026-06-28 14:56:14,729 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x7FCE0000, size: 0x10000.\n2026-06-28 14:56:14,730 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x7FCE0000\n2026-06-28 14:56:14,731 [root] DEBUG: 4500: AllocationHandler: Processing previous tracked region at: 0x7FCF0000.\n2026-06-28 14:56:14,732 [root] DEBUG: 4500: ProcessTrackedRegion: 
Entropy for tracked region at 0x7FCF0000: 1.341173e-01\n2026-06-28 14:56:14,733 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x7FCF0000 - 0x7FCF003C.\n2026-06-28 14:56:14,734 [root] DEBUG: 4500: ScanForDisguisedPE: Size too small: 0x3c bytes\n2026-06-28 14:56:14,742 [lib.common.results] INFO: Uploading file C:\\jXRqFQqtn\\CAPE\\4500_1415353514562128062026 to CAPE\\31224ad4f6c7504ce6f7e40fa315803be21124a78eac135ddd82b8eaba18535b; Size is 60; Max size: 100000000\n2026-06-28 14:56:14,747 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\\jXRqFQqtn\\CAPE\\4500_1415353514562128062026 (size 60 bytes)\n2026-06-28 14:56:14,748 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x7FCF0000, size 4096 bytes.\n2026-06-28 14:56:14,749 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x7FCF0000.\n2026-06-28 14:56:14,749 [root] DEBUG: 4500: YaraScan: Scanning 0x7FCF0000, size 0x3c\n2026-06-28 14:56:14,750 [root] DEBUG: 4500: AllocationHandler: Memory region (size 0x10000) reserved but not committed at 0x7FCE0000.\n2026-06-28 14:56:14,751 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x7FCE0000, committing at: 0x7FCE0000.\n2026-06-28 14:56:14,830 [root] DEBUG: 4500: .NET JIT native cache at 0x07FE0000: scans and dumps active.\n2026-06-28 14:56:14,841 [root] DEBUG: 4500: caller_dispatch: Added region at 0x07FE0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x07FE6E67, thread 2784).\n2026-06-28 14:56:14,842 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x07FE0000 skipped\n2026-06-28 14:56:14,904 [root] DEBUG: 4500: .NET JIT native cache at 0x08030000: scans and dumps active.\n2026-06-28 14:56:14,915 [root] DEBUG: 4500: caller_dispatch: Added region at 0x08030000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x08031174, thread 2784).\n2026-06-28 14:56:14,916 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x08030000 skipped\n2026-06-28 
14:56:14,969 [root] DEBUG: 4500: DLL loaded at 0x73650000: C:\\Windows\\SYSTEM32\\USP10 (0x17000 bytes).\n2026-06-28 14:56:14,970 [root] DEBUG: 4500: DLL loaded at 0x73610000: C:\\Windows\\SYSTEM32\\msls31 (0x31000 bytes).\n2026-06-28 14:56:14,971 [root] DEBUG: 4500: DLL loaded at 0x73670000: C:\\Windows\\SYSTEM32\\RichEd20 (0x7a000 bytes).\n2026-06-28 14:56:15,038 [root] DEBUG: 4500: DLL loaded at 0x734A0000: C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\\gdiplus (0x169000 bytes).\n2026-06-28 14:56:15,065 [root] DEBUG: 4500: DLL loaded at 0x73290000: C:\\Windows\\SYSTEM32\\DWrite (0x210000 bytes).\n2026-06-28 14:56:15,069 [root] DEBUG: 4500: DLL loaded at 0x768E0000: C:\\Windows\\System32\\MSCTF (0xd3000 bytes).\n2026-06-29 03:55:00,531 [root] DEBUG: 4500: .NET JIT native cache at 0x08B80000: scans and dumps active.\n2026-06-29 03:55:00,534 [root] DEBUG: 4500: caller_dispatch: Added region at 0x08B80000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x08B80105, thread 2784).\n2026-06-29 03:55:00,535 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x08B80000 skipped\n2026-06-29 03:55:00,627 [root] DEBUG: 4500: ProcessTrackedRegion: Updated entropy for tracked region at 0x012A0000: 3.425831e+00 (from 3.129104e+00)\n2026-06-29 03:55:00,629 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x012A0000 - 0x012AB54A.\n2026-06-29 03:55:00,630 [root] DEBUG: 4500: ScanForDisguisedPE: No PE image located in range 0x012A0000-0x012AB54A.\n2026-06-29 03:55:00,633 [lib.common.results] INFO: Uploading file C:\\jXRqFQqtn\\CAPE\\4500_99875000551029162026 to CAPE\\ee5f16dc47945cae528752f9a1c59316cfb9d941272eb7a2f00ebe0d074f2720; Size is 46410; Max size: 100000000\n2026-06-29 03:55:00,638 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\\jXRqFQqtn\\CAPE\\4500_99875000551029162026 (size 46410 bytes)\n2026-06-29 03:55:00,639 [root] DEBUG: 4500: DumpRegion: Dumped 
entire allocation from 0x012A0000, size 49152 bytes.\n2026-06-29 03:55:00,640 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x012A0000.\n2026-06-29 03:55:00,640 [root] DEBUG: 4500: YaraScan: Scanning 0x012A0000, size 0xb54a\n2026-06-29 03:55:00,698 [root] DEBUG: 4500: .NET JIT native cache at 0x09300000: scans and dumps active.\n2026-06-29 03:55:00,707 [root] DEBUG: 4500: caller_dispatch: Added region at 0x09300000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x0930165B, thread 2784).\n2026-06-29 03:55:00,708 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x09300000 skipped\n2026-06-29 03:55:00,849 [root] DEBUG: 4500: DLL loaded at 0x76A30000: C:\\Windows\\System32\\clbcatq (0x7e000 bytes).\n2026-06-29 03:55:00,868 [root] DEBUG: 4500: DLL loaded at 0x72A30000: C:\\Windows\\System32\\iertutil (0x22b000 bytes).\n2026-06-29 03:55:00,869 [root] DEBUG: 4500: DLL loaded at 0x72A10000: C:\\Windows\\System32\\NETAPI32 (0x13000 bytes).\n2026-06-29 03:55:00,870 [root] DEBUG: 4500: DLL loaded at 0x729E0000: C:\\Windows\\System32\\USERENV (0x25000 bytes).\n2026-06-29 03:55:00,872 [root] DEBUG: 4500: DLL loaded at 0x72910000: C:\\Windows\\System32\\WINHTTP (0xc8000 bytes).\n2026-06-29 03:55:00,873 [root] DEBUG: 4500: DLL loaded at 0x72900000: C:\\Windows\\System32\\WKSCLI (0x10000 bytes).\n2026-06-29 03:55:00,874 [root] DEBUG: 4500: DLL loaded at 0x728F0000: C:\\Windows\\System32\\NETUTILS (0xb000 bytes).\n2026-06-29 03:55:00,875 [root] DEBUG: 4500: DLL loaded at 0x72C60000: C:\\Windows\\System32\\ieframe (0x62f000 bytes).\n2026-06-29 03:55:00,884 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-29 03:55:00,887 [root] DEBUG: 4500: DLL loaded at 0x726E0000: C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\\comctl32 (0x210000 bytes).\n2026-06-29 
03:55:00,896 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-29 03:55:00,908 [root] DEBUG: 4500: DLL loaded at 0x72650000: C:\\Windows\\SYSTEM32\\sxs (0x88000 bytes).\n2026-06-29 03:55:00,996 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x08001000, size: 0x1000.\n2026-06-29 03:55:01,008 [root] DEBUG: 4500: .NET JIT native cache at 0x09380000: scans and dumps active.\n2026-06-29 03:55:01,011 [root] DEBUG: 4500: caller_dispatch: Added region at 0x09380000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x09380B87, thread 2784).\n2026-06-29 03:55:01,012 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x09380000 skipped\n2026-06-29 03:55:01,055 [root] DEBUG: 4500: DLL loaded at 0x721F0000: C:\\Windows\\system32\\dxgi (0xc3000 bytes).\n2026-06-29 03:55:01,057 [root] DEBUG: 4500: DLL loaded at 0x72430000: C:\\Windows\\system32\\d3d11 (0x1e0000 bytes).\n2026-06-29 03:55:01,058 [root] DEBUG: 4500: DLL loaded at 0x722C0000: C:\\Windows\\system32\\dcomp (0x165000 bytes).\n2026-06-29 03:55:01,059 [root] DEBUG: 4500: DLL loaded at 0x72610000: C:\\Windows\\system32\\dataexchange (0x32000 bytes).\n2026-06-29 03:55:01,068 [root] DEBUG: 4500: DLL loaded at 0x72060000: C:\\Windows\\system32\\twinapi.appcore (0x18f000 bytes).\n2026-06-29 03:55:01,104 [root] DEBUG: 4500: AllocationHandler: Allocation already in tracked region list: 0x04630000.\n2026-06-29 03:55:01,133 [root] DEBUG: 4500: DLL loaded at 0x71F90000: C:\\Windows\\SYSTEM32\\PROPSYS (0xc2000 bytes).\n2026-06-29 03:55:01,147 [root] DEBUG: 4500: DLL loaded at 0x71F40000: C:\\Windows\\SYSTEM32\\msIso (0x43000 bytes).\n2026-06-29 03:55:01,184 [root] DEBUG: 4500: DLL loaded at 0x71D70000: C:\\Windows\\SYSTEM32\\srvcli (0x1d000 bytes).\n2026-06-29 03:55:01,191 [root] DEBUG: 4500: DLL loaded at 0x71D90000: 
C:\\Windows\\SYSTEM32\\urlmon (0x1a8000 bytes).\n2026-06-29 03:55:01,252 [root] DEBUG: 4500: DLL loaded at 0x70AC0000: C:\\Windows\\SYSTEM32\\powrprof (0x44000 bytes).\n2026-06-29 03:55:01,315 [root] DEBUG: 4500: DLL loaded at 0x70B10000: C:\\Windows\\System32\\mshtml (0x1254000 bytes).\n2026-06-29 03:55:01,317 [root] DEBUG: 4500: DLL loaded at 0x70AB0000: C:\\Windows\\SYSTEM32\\UMPDC (0xd000 bytes).\n2026-06-29 03:55:01,385 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-29 03:55:01,438 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-29 03:55:01,468 [root] DEBUG: 4500: DLL loaded at 0x70A80000: C:\\Windows\\System32\\srpapi (0x25000 bytes).\n2026-06-29 03:55:01,603 [root] DEBUG: 4500: .NET JIT native cache at 0x0B260000: scans and dumps active.\n2026-06-29 03:55:01,606 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0B260000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x0B26011F, thread 2784).\n2026-06-29 03:55:01,607 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0B260000 skipped\n2026-06-29 03:55:01,683 [root] DEBUG: 4500: DLL loaded at 0x709E0000: C:\\Windows\\SYSTEM32\\TextShaping (0x94000 bytes).\n2026-06-29 03:55:01,779 [root] DEBUG: 4500: DLL loaded at 0x70860000: C:\\Windows\\SYSTEM32\\WindowsCodecs (0x171000 bytes).\n2026-06-29 03:55:02,033 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x0B200000, size: 0x8000.\n2026-06-29 03:55:02,035 [root] DEBUG: 4500: GetEntropy: Error - Supplied address inaccessible: 0x0B200000\n2026-06-29 03:55:02,039 [root] DEBUG: 4500: AllocationHandler: Processing previous tracked region at: 0x08000000.\n2026-06-29 03:55:02,041 [root] DEBUG: 4500: ProcessTrackedRegion: Updated entropy for tracked region at 
0x08000000: 1.764103e+00 (from 1.163484e+00)\n2026-06-29 03:55:02,042 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x08000000 - 0x08006FFE.\n2026-06-29 03:55:02,043 [root] DEBUG: 4500: ScanForDisguisedPE: No PE image located in range 0x08000000-0x08006FFE.\n2026-06-29 03:55:02,046 [lib.common.results] INFO: Uploading file C:\\jXRqFQqtn\\CAPE\\4500_5895722551029162026 to CAPE\\7415bbbf4690ce7e9491f81bbc414968aed014b33adeb1889801131d86ebee63; Size is 28670; Max size: 100000000\n2026-06-29 03:55:02,051 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\\jXRqFQqtn\\CAPE\\4500_5895722551029162026 (size 28670 bytes)\n2026-06-29 03:55:02,052 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x08000000, size 28672 bytes.\n2026-06-29 03:55:02,053 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x08000000.\n2026-06-29 03:55:02,054 [root] DEBUG: 4500: YaraScan: Scanning 0x08000000, size 0x6ffe\n2026-06-29 03:55:02,056 [root] DEBUG: 4500: AllocationHandler: Memory region (size 0x8000) reserved but not committed at 0x0B200000.\n2026-06-29 03:55:02,058 [root] DEBUG: 4500: AllocationHandler: Previously reserved region at 0x0B200000, committing at: 0x0B200000.\n2026-06-29 03:55:02,242 [root] DEBUG: 4500: .NET JIT native cache at 0x0B210000: scans and dumps active.\n2026-06-29 03:55:02,252 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0B210000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0B210E75, thread 2784).\n2026-06-29 03:55:02,253 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0B210000 skipped\n2026-06-29 03:55:02,398 [root] DEBUG: 4500: .NET JIT native cache at 0x0B230000: scans and dumps active.\n2026-06-29 03:55:02,441 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0B230000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0B235734, thread 2784).\n2026-06-29 03:55:02,443 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 
0x0B230000 skipped\n2026-06-29 03:55:02,546 [root] DEBUG: 4500: .NET JIT native cache at 0x0C560000: scans and dumps active.\n2026-06-29 03:55:02,553 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0C560000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0C560769, thread 2784).\n2026-06-29 03:55:02,554 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0C560000 skipped\n2026-06-29 03:55:02,629 [root] DEBUG: 4500: ProcessTrackedRegion: Region at 0x75130000 mapped as \\Device\\HarddiskVolume2\\Windows\\SysWOW64\\kernel32.dll is in known range, skipping\n2026-06-29 03:55:02,767 [root] DEBUG: 4500: DLL loaded at 0x70450000: C:\\Windows\\SYSTEM32\\ntmarta (0x29000 bytes).\n2026-06-29 03:55:02,771 [root] DEBUG: 4500: DLL loaded at 0x70480000: C:\\Windows\\System32\\CoreMessaging (0x9b000 bytes).\n2026-06-29 03:55:02,775 [root] DEBUG: 4500: DLL loaded at 0x70370000: C:\\Windows\\SYSTEM32\\wintypes (0xdb000 bytes).\n2026-06-29 03:55:02,780 [root] DEBUG: 4500: DLL loaded at 0x70520000: C:\\Windows\\System32\\CoreUIComponents (0x27e000 bytes).\n2026-06-29 03:55:02,784 [root] DEBUG: 4500: DLL loaded at 0x707A0000: C:\\Windows\\SYSTEM32\\textinputframework (0xb9000 bytes).\n2026-06-29 03:55:02,962 [root] DEBUG: 4500: DLL loaded at 0x70360000: C:\\Windows\\system32\\msimtf (0xe000 bytes).\n2026-06-29 03:55:02,987 [root] DEBUG: 4500: DLL loaded at 0x6FE40000: C:\\Windows\\System32\\d2d1 (0x515000 bytes).\n2026-06-29 03:55:02,996 [root] DEBUG: 4500: DLL loaded at 0x6FE30000: C:\\Windows\\SYSTEM32\\resourcepolicyclient (0xf000 bytes).\n2026-06-29 03:55:03,035 [root] DEBUG: 4500: DLL loaded at 0x6F870000: C:\\Windows\\SYSTEM32\\d3d10warp (0x5c2000 bytes).\n2026-06-29 03:55:03,050 [root] DEBUG: 4500: DLL loaded at 0x75720000: C:\\Windows\\System32\\cfgmgr32 (0x3b000 bytes).\n2026-06-29 03:55:03,052 [root] DEBUG: 4500: DLL loaded at 0x6F840000: C:\\Windows\\SYSTEM32\\dxcore (0x2c000 bytes).\n2026-06-29 03:55:03,203 [root] DEBUG: 4500: 
AllocationHandler: Previously reserved region at 0x0C560000, committing at: 0x0C56F000.\n2026-06-29 03:55:03,207 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x0F850000, size: 0x1000.\n2026-06-29 03:55:03,240 [root] DEBUG: 4500: .NET JIT native cache at 0x0F850000: scans and dumps active.\n2026-06-29 03:55:03,249 [root] DEBUG: 4500: DLL loaded at 0x6F830000: C:\\Windows\\SYSTEM32\\Secur32 (0xa000 bytes).\n2026-06-29 03:55:03,254 [root] DEBUG: 4500: DLL loaded at 0x6F7F0000: C:\\Windows\\SYSTEM32\\MLANG (0x34000 bytes).\n2026-06-29 03:55:03,265 [root] DEBUG: 4500: DLL loaded at 0x6F3A0000: C:\\Windows\\SYSTEM32\\WININET (0x450000 bytes).\n2026-06-29 03:55:03,369 [root] DEBUG: 4500: AllocationHandler: Adding allocation to tracked region list: 0x7FCD0000, size: 0x1000.\n2026-06-29 03:55:03,410 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0F850000 skipped\n2026-06-29 03:55:03,482 [root] DEBUG: 4500: .NET JIT native cache at 0x0FC50000: scans and dumps active.\n2026-06-29 03:55:03,485 [root] DEBUG: 4500: caller_dispatch: Added region at 0x0FC50000 to tracked regions list (ntdll::LdrGetProcedureAddressForCaller returns to 0x0FC50929, thread 2784).\n2026-06-29 03:55:03,486 [root] DEBUG: 4500: ProcessTrackedRegion: .NET cache region at 0x0FC50000 skipped\n2026-06-29 03:55:20,153 [root] INFO: Analysis timeout hit, terminating analysis\n2026-06-29 03:55:20,155 [lib.api.process] INFO: Terminate event set for process 4500\n2026-06-29 03:55:20,157 [root] DEBUG: 4500: Terminate Event: Attempting to dump process 4500\n2026-06-29 03:55:20,158 [root] DEBUG: 4500: VerifyCodeSection: Executable code does not match, 0x204f2 of 0x204f3 matching\n2026-06-29 03:55:20,160 [root] DEBUG: 4500: DoProcessDump: Code modification detected, dumping Imagebase at 0x00B60000.\n2026-06-29 03:55:20,161 [root] DEBUG: 4500: DumpImageInCurrentProcess: Attempting to dump virtual PE image.\n2026-06-29 03:55:20,162 [root] DEBUG: 4500: DumpProcess: 
Instantiating PeParser with address: 0x00B60000.\n2026-06-29 03:55:20,163 [root] DEBUG: 4500: DumpProcess: Module entry point VA is 0x00B824EE.\n2026-06-29 03:55:20,163 [root] DEBUG: 4500: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00B62000, section 1\n2026-06-29 03:55:20,164 [root] DEBUG: 4500: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00B84000, section 2\n2026-06-29 03:55:20,165 [root] DEBUG: 4500: PeParser: readPeSectionsFromProcess: readSectionFromProcess failed address 0x00B8A000, section 4\n2026-06-29 03:55:20,166 [root] DEBUG: 4500: reBasePEImage: Exception rebasing image from 0x00B60000 to 0x00400000.\n2026-06-29 03:55:20,167 [root] DEBUG: 4500: readPeSectionsFromProcess: Failed to relocate image back to header image base 0x00400000.\n2026-06-29 03:55:20,172 [lib.common.results] INFO: Uploading file C:\\jXRqFQqtn\\CAPE\\4500_684720551029162026 to procdump\\f6b3577e43911312e7ab3c479b13215e856a3ce268d071e250a391b84ff632d8; Size is 17408; Max size: 100000000\n2026-06-29 03:55:20,187 [root] DEBUG: 4500: DumpProcess: Module image dump success - dump size 0x4400.\n2026-06-29 03:55:20,191 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07B20000 (jit-dumps=0)\n2026-06-29 03:55:20,192 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07CF0000 (jit-dumps=0)\n2026-06-29 03:55:20,194 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07D40000 (jit-dumps=0)\n2026-06-29 03:55:20,195 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07E40000 (jit-dumps=0)\n2026-06-29 03:55:20,195 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07E70000 (jit-dumps=0)\n2026-06-29 03:55:20,197 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07F30000 (jit-dumps=0)\n2026-06-29 03:55:20,198 [root] DEBUG: 4500: DumpInterestingRegions: Skipping 
.NET JIT native cache at 0x07F70000 (jit-dumps=0)\n2026-06-29 03:55:20,199 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07FA0000 (jit-dumps=0)\n2026-06-29 03:55:20,200 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x07FE0000 (jit-dumps=0)\n2026-06-29 03:55:20,202 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x08030000 (jit-dumps=0)\n2026-06-29 03:55:20,205 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x08B80000 (jit-dumps=0)\n2026-06-29 03:55:20,207 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x09300000 (jit-dumps=0)\n2026-06-29 03:55:20,210 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x09380000 (jit-dumps=0)\n2026-06-29 03:55:20,212 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0B210000 (jit-dumps=0)\n2026-06-29 03:55:20,213 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0B230000 (jit-dumps=0)\n2026-06-29 03:55:20,214 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0B260000 (jit-dumps=0)\n2026-06-29 03:55:20,215 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0C560000 (jit-dumps=0)\n2026-06-29 03:55:20,217 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0F850000 (jit-dumps=0)\n2026-06-29 03:55:20,218 [root] DEBUG: 4500: DumpInterestingRegions: Skipping .NET JIT native cache at 0x0FC50000 (jit-dumps=0)\n2026-06-29 03:55:20,223 [root] DEBUG: 4500: ProcessTrackedRegion: Updated entropy for tracked region at 0x7FCD0000: 6.939652e-01 (from 6.939653e-01)\n2026-06-29 03:55:20,224 [root] DEBUG: 4500: DumpPEsInRange: Scanning range 0x7FCD0000 - 0x7FCD010B.\n2026-06-29 03:55:20,225 [root] DEBUG: 4500: ScanForDisguisedPE: Size too small: 0x10b bytes\n2026-06-29 03:55:20,228 [lib.common.results] INFO: Uploading file 
C:\\jXRqFQqtn\\CAPE\\4500_411814120551029162026 to CAPE\\ca517a62cc4bd322c4afb74599b3f4a6f414d0fb6f750eae56a0d9c95d997f49; Size is 267; Max size: 100000000\n2026-06-29 03:55:20,252 [root] DEBUG: 4500: DumpMemory: Payload successfully created: C:\\jXRqFQqtn\\CAPE\\4500_411814120551029162026 (size 267 bytes)\n2026-06-29 03:55:20,253 [root] DEBUG: 4500: DumpRegion: Dumped entire allocation from 0x7FCD0000, size 4096 bytes.\n2026-06-29 03:55:20,254 [root] DEBUG: 4500: ProcessTrackedRegion: Dumped region at 0x7FCD0000.\n2026-06-29 03:55:20,255 [root] DEBUG: 4500: YaraScan: Scanning 0x7FCD0000, size 0x10b\n2026-06-29 03:55:20,256 [root] DEBUG: 4500: Terminate Event: Shutdown complete for process 4500 but failed to inform analyzer.\n2026-06-29 03:55:25,169 [lib.api.process] INFO: Termination confirmed for process 4500\n2026-06-29 03:55:25,170 [root] INFO: Terminate event set for process 4500\n2026-06-29 03:55:25,170 [root] INFO: Created shutdown mutex\n2026-06-29 03:55:26,187 [root] INFO: Shutting down package\n2026-06-29 03:55:26,188 [root] INFO: Stopping auxiliary modules\n2026-06-29 03:55:26,188 [root] INFO: Stopping auxiliary module: Browser\n2026-06-29 03:55:26,189 [root] INFO: Stopping auxiliary module: Human\n2026-06-29 03:55:31,766 [root] INFO: Stopping auxiliary module: Screenshots\n2026-06-29 03:55:31,767 [root] INFO: Finishing auxiliary modules\n2026-06-29 03:55:31,768 [root] INFO: Shutting down pipe server and dumping dropped files\n2026-06-29 03:55:31,769 [root] WARNING: Folder at path \"C:\\jXRqFQqtn\\debugger\" does not exist, skipping\n2026-06-29 03:55:31,769 [root] WARNING: Folder at path \"C:\\jXRqFQqtn\\tlsdump\" does not exist, skipping\n2026-06-29 03:55:31,771 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "f7b87a01c8987b3adc1f798f0e4016bf116fa15591b2d2d756c5dc58ad9f04a3",
    "hosts": [
      {
        "ip": "173.194.76.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "40.126.31.131",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "108.177.15.139",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "108.177.15.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.206.84",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "66.102.1.138",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.206.138",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.133.95",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.150.119",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.168.139",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.168.100",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.206.101",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "74.125.71.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      },
      {
        "ip": "142.251.16.94",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      }
    ],
    "domains": [],
    "tcp": [
      {
        "src": "192.168.122.139",
        "sport": 49696,
        "dst": "142.251.16.94",
        "dport": 443,
        "offset": 24,
        "time": 0.0
      },
      {
        "src": "192.168.122.139",
        "sport": 49697,
        "dst": "74.125.71.94",
        "dport": 443,
        "offset": 95,
        "time": 0.031597137451171875
      },
      {
        "src": "192.168.122.139",
        "sport": 49698,
        "dst": "74.125.206.101",
        "dport": 443,
        "offset": 306,
        "time": 1.6095540523529053
      },
      {
        "src": "192.168.122.139",
        "sport": 49681,
        "dst": "142.251.168.100",
        "dport": 443,
        "offset": 447,
        "time": 4.832600116729736
      },
      {
        "src": "192.168.122.139",
        "sport": 49754,
        "dst": "142.251.168.139",
        "dport": 443,
        "offset": 1118,
        "time": 4.857895135879517
      },
      {
        "src": "192.168.122.139",
        "sport": 49755,
        "dst": "142.251.16.94",
        "dport": 443,
        "offset": 10825,
        "time": 4.984589099884033
      },
      {
        "src": "192.168.122.139",
        "sport": 49679,
        "dst": "142.251.150.119",
        "dport": 443,
        "offset": 16155,
        "time": 6.9769580364227295
      },
      {
        "src": "192.168.122.139",
        "sport": 49686,
        "dst": "74.125.133.95",
        "dport": 443,
        "offset": 16508,
        "time": 9.464553117752075
      },
      {
        "src": "192.168.122.139",
        "sport": 49687,
        "dst": "74.125.206.138",
        "dport": 443,
        "offset": 16649,
        "time": 9.76511001586914
      },
      {
        "src": "192.168.122.139",
        "sport": 49682,
        "dst": "66.102.1.138",
        "dport": 443,
        "offset": 16790,
        "time": 10.147145986557007
      },
      {
        "src": "192.168.122.139",
        "sport": 49680,
        "dst": "74.125.206.84",
        "dport": 443,
        "offset": 16931,
        "time": 17.058552980422974
      },
      {
        "src": "192.168.122.139",
        "sport": 49683,
        "dst": "108.177.15.94",
        "dport": 443,
        "offset": 17072,
        "time": 18.667631149291992
      },
      {
        "src": "192.168.122.139",
        "sport": 49688,
        "dst": "108.177.15.139",
        "dport": 443,
        "offset": 17425,
        "time": 22.14534616470337
      },
      {
        "src": "192.168.122.139",
        "sport": 49759,
        "dst": "40.126.31.131",
        "dport": 443,
        "offset": 17870,
        "time": 22.19326400756836
      },
      {
        "src": "192.168.122.139",
        "sport": 49693,
        "dst": "173.194.76.94",
        "dport": 443,
        "offset": 42556,
        "time": 27.118210077285767
      },
      {
        "src": "192.168.122.139",
        "sport": 49695,
        "dst": "108.177.15.139",
        "dport": 443,
        "offset": 136421,
        "time": 30.903964042663574
      },
      {
        "src": "192.168.122.139",
        "sport": 49764,
        "dst": "74.178.240.51",
        "dport": 443,
        "offset": 173792,
        "time": 33.62263798713684
      },
      {
        "src": "192.168.122.139",
        "sport": 49766,
        "dst": "135.232.92.137",
        "dport": 443,
        "offset": 183586,
        "time": 34.13739514350891
      }
    ],
    "udp": [
      {
        "src": "192.168.122.139",
        "sport": 5353,
        "dst": "224.0.0.251",
        "dport": 5353,
        "offset": 1775,
        "time": 4.863872051239014
      },
      {
        "src": "192.168.122.139",
        "sport": 54678,
        "dst": "224.0.0.252",
        "dport": 5355,
        "offset": 10262,
        "time": 4.889942169189453
      },
      {
        "src": "192.168.122.139",
        "sport": 51898,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 15354,
        "time": 5.671914100646973
      },
      {
        "src": "192.168.122.139",
        "sport": 62244,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 15676,
        "time": 6.186640024185181
      },
      {
        "src": "192.168.122.139",
        "sport": 56684,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 42697,
        "time": 27.669830083847046
      },
      {
        "src": "192.168.122.139",
        "sport": 61825,
        "dst": "224.0.0.252",
        "dport": 5355,
        "offset": 42886,
        "time": 27.67394709587097
      },
      {
        "src": "192.168.122.139",
        "sport": 61826,
        "dst": "239.255.255.250",
        "dport": 1900,
        "offset": 136189,
        "time": 30.73006296157837
      },
      {
        "src": "192.168.122.139",
        "sport": 57221,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 137096,
        "time": 33.0681209564209
      },
      {
        "src": "192.168.122.139",
        "sport": 53337,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 172929,
        "time": 33.60192108154297
      },
      {
        "src": "192.168.122.139",
        "sport": 55365,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 173231,
        "time": 33.60952615737915
      },
      {
        "src": "192.168.122.139",
        "sport": 49527,
        "dst": "192.168.122.1",
        "dport": 53,
        "offset": 177961,
        "time": 33.66999697685242
      }
    ],
    "icmp": [],
    "http": [],
    "dns": [],
    "smtp": [],
    "irc": [],
    "dead_hosts": []
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "stealth_network",
      "description": "Network activity detected but not expressed in monitor API logs",
      "categories": [
        "stealth"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "ip": "173.194.76.94"
        },
        {
          "ip": "40.126.31.131"
        },
        {
          "ip": "108.177.15.139"
        },
        {
          "ip": "108.177.15.94"
        },
        {
          "ip": "74.125.206.84"
        },
        {
          "ip": "66.102.1.138"
        },
        {
          "ip": "74.125.206.138"
        },
        {
          "ip": "74.125.133.95"
        },
        {
          "ip": "142.251.150.119"
        },
        {
          "ip": "142.251.168.139"
        },
        {
          "ip": "142.251.168.100"
        },
        {
          "ip": "74.125.206.101"
        },
        {
          "ip": "74.125.71.94"
        },
        {
          "ip": "142.251.16.94"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antivm_checks_available_memory",
      "description": "Checks available memory",
      "categories": [
        "antivm"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 357
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_keyboard_layout",
      "description": "Queries the keyboard layout",
      "categories": [
        "location_discovery"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 16183
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17037
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17080
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17158
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17184
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17215
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17326
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17330
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 17332
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18057
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19150
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19312
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19316
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19420
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19422
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19424
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "queries_locale_api",
      "description": "Queries the computer locale (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 15665
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 15791
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 16413
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 16555
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "antidebug_setunhandledexceptionfilter",
      "description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
      "categories": [
        "anti-debug"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 40,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 329
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "language_check_registry",
      "description": "Checks system language via registry key (possible geofencing)",
      "categories": [
        "location_discovery",
        "geofence"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
        },
        {
          "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "mouse_movement_detect",
      "description": "Checks for mouse movement",
      "categories": [
        "anti-sandbox"
      ],
      "severity": 2,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 18052
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18053
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18056
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18587
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18600
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18692
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18750
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18811
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18815
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18821
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18827
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18833
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18839
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18849
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18859
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18862
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18870
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18876
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18935
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18939
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18949
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18955
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18961
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18967
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18973
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18979
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18985
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18991
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18997
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19005
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19011
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19017
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19023
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19029
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19035
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19036
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19042
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19048
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19054
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19060
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19066
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19076
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19082
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19087
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19089
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19090
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19091
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19092
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19093
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19094
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19095
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19096
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19097
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19098
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19099
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19100
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19101
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19102
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19103
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19104
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19105
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19106
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19107
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19108
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19109
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19110
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19111
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19112
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19113
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19117
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19123
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19129
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19135
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19148
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19151
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19152
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19156
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19166
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19167
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19171
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19181
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19187
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19194
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19200
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19206
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19212
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19218
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19224
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19230
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19236
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19242
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19249
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19250
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19254
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19264
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19270
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19276
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19282
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19288
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19294
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19300
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19308
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19425
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19427
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19469
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19479
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19482
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19485
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19492
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19502
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19508
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19514
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19520
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19530
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19536
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19538
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19548
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19554
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19560
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19566
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19569
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19573
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19579
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19588
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19590
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19591
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19592
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19593
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19594
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19595
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19596
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19597
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19598
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19599
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19600
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19601
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19602
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19603
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19604
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19605
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19606
        },
        {
          "mouse_movement": "Checks for mouse movement (mouse movement observed in sandbox during sampling)."
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "privilege_elevation_check",
      "description": "Queries process token information to check for Administrator privileges or UAC elevation status",
      "categories": [
        "discovery",
        "privilege_escalation"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 14429
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 15074
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 15173
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "query_fips_reconnaissance",
      "description": "Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software",
      "categories": [
        "discovery",
        "c2"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 648
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 649
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 652
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 654
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 655
        },
        {
          "behavioral_fips_reconnaissance": [
            "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'",
            "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'",
            "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'",
            "HTMLive.exe (PID: 4500) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "registers_vectored_exception_handler",
      "description": "Registers a vectored exception handler (VEH), possibly to hijack execution flow",
      "categories": [
        "evasion",
        "execution",
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 325
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "packer_unknown_pe_section_name",
      "description": "The binary contains an unknown PE section name indicative of packing",
      "categories": [
        "packer"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "unknown section": {
            "name": ".sdata",
            "raw_address": "0x00020a00",
            "virtual_address": "0x00024000",
            "virtual_size": "0x0000009a",
            "size_of_data": "0x00000200",
            "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
            "characteristics_raw": "0xc0000040",
            "entropy": "2.22"
          }
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "static_pe_pdbpath",
      "description": "The PE file contains a suspicious PDB path",
      "categories": [
        "static"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 80,
      "references": [
        "https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html"
      ],
      "data": [
        {
          "anomaly": "the pdb path contains a reference to a development path or term that may suggest a non-enterprise environment development/compilation"
        },
        {
          "pdbpath": "C:\\Users\\Phillip\\documents\\visual studio 2010\\Projects\\livehtml\\livehtml\\obj\\x86\\Release\\livehtml.pdb"
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "injection_rwx",
      "description": "Creates RWX memory",
      "categories": [
        "injection"
      ],
      "severity": 2,
      "weight": 1,
      "confidence": 50,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 212
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_syscall_execution",
      "description": "Executes syscalls where the return address or caller points to dynamically allocated (unbacked) memory",
      "categories": [
        "evasion",
        "stealth",
        "fileless",
        "shellcode"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 14392
        },
        {
          "unbacked_syscalls": [
            "HTMLive.exe executed sysenter (KERNEL32.dll) where Caller points to unbacked memory at 0x0930f302"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "infostealer_cookies",
      "description": "Touches a file containing cookies, possibly for information gathering",
      "categories": [
        "infostealer"
      ],
      "severity": 3,
      "weight": 4,
      "confidence": 100,
      "references": [],
      "data": [],
      "new_data": [
        {
          "process": {
            "process_name": "HTMLive.exe",
            "process_id": 4500
          },
          "signs": [
            {
              "type": "file",
              "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
            }
          ]
        },
        {
          "process": {
            "process_name": "HTMLive.exe",
            "process_id": 4500
          },
          "signs": [
            {
              "type": "file",
              "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
            }
          ]
        },
        {
          "process": {
            "process_name": "HTMLive.exe",
            "process_id": 4500
          },
          "signs": [
            {
              "type": "file",
              "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
            }
          ]
        },
        {
          "process": {
            "process_name": "HTMLive.exe",
            "process_id": 4500
          },
          "signs": [
            {
              "type": "file",
              "value": "C:\\Users\\Rajesh\\AppData\\Local\\Microsoft\\Windows\\INetCookies"
            }
          ]
        }
      ],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_process_mitigation_alteration",
      "description": "Manipulated process mitigation policies (CFG/DEP/hard error modes) from dynamically allocated (unbacked) memory",
      "categories": [
        "defense_evasion",
        "stealth",
        "fileless"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 14824
        },
        {
          "unbacked_mitigation_alterations": [
            "HTMLive.exe executed NtSetInformationProcess (Class: 35) from unbacked caller 0x0930fb63"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_api_resolution",
      "description": "Manually resolves API addresses from dynamically allocated (unbacked) memory, indicative of shellcode or an unpacker",
      "categories": [
        "evasion",
        "shellcode",
        "fileless"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 842
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 853
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 854
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 856
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1056
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1059
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1063
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1064
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1065
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1066
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14276
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14277
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14286
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14287
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14367
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14368
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14369
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14370
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14373
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14374
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14383
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14519
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14535
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14733
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14739
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14740
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14746
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14747
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14748
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14749
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14750
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14751
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14752
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14753
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14874
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14878
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14884
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14885
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14886
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14887
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14901
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14909
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14947
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14954
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18751
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18752
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18753
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18756
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18759
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18760
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18761
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18762
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18763
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18765
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18766
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18767
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18768
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18769
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18770
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18771
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18772
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18777
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18779
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18780
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18781
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18783
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18784
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18785
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18786
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18787
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18788
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18789
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18790
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18791
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18792
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18793
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 18796
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 19309
        },
        {
          "unbacked_api_resolutions": [
            "HTMLive.exe resolved API 'CoTaskMemAlloc' from unbacked caller 0x07f3e24a",
            "HTMLive.exe resolved API 'DrawThemeBackground' from unbacked caller 0x0f85d0a3",
            "HTMLive.exe resolved API 'DefWindowProc' from unbacked caller 0x012ad246",
            "HTMLive.exe resolved API 'IUnknown_QueryService' from unbacked caller 0x0930fb63",
            "HTMLive.exe resolved API 'SystemParametersInfoW' from unbacked caller 0x0f85b12d",
            "HTMLive.exe resolved API 'DeleteObject' from unbacked caller 0x0f85a180",
            "HTMLive.exe resolved API 'ConvertSidToStringSidW' from unbacked caller 0x0930fb63",
            "HTMLive.exe resolved API 'GdipGetRegionHRgn' from unbacked caller 0x0f85c0bd",
            "HTMLive.exe resolved API 'SetWindowLong' from unbacked caller 0x07f3ecf0",
            "HTMLive.exe resolved API 'BitBlt' from unbacked caller 0x0f85e4dd",
            "HTMLive.exe resolved API 'GetFileType' from unbacked caller 0x07b2ff77",
            "HTMLive.exe resolved API 'CoTaskMemAlloc' from unbacked caller 0x09387eb3",
            "HTMLive.exe resolved API 'GetDeviceCaps' from unbacked caller 0x09385f8d",
            "HTMLive.exe resolved API 'CreateRectRgn' from unbacked caller 0x0f85c7d0",
            "HTMLive.exe resolved API 'GetTextAlign' from unbacked caller 0x0f85e0be",
            "HTMLive.exe resolved API 'SystemParametersInfoW' from unbacked caller 0x093066cd",
            "HTMLive.exe resolved API 'GdipCreateHalftonePalette' from unbacked caller 0x0f858ff1",
            "HTMLive.exe resolved API 'SetBkMode' from unbacked caller 0x0f85e161",
            "HTMLive.exe resolved API 'CreateCompatibleBitmap' from unbacked caller 0x0f859d97",
            "HTMLive.exe resolved API 'ND_WU1_RetAddr' from unbacked caller 0x0930fda6",
            "HTMLive.exe resolved API 'GetCurrentActCtx' from unbacked caller 0x09380b87",
            "HTMLive.exe resolved API 'GetClipRgn' from unbacked caller 0x0f85c6f5",
            "HTMLive.exe resolved API 'GetObjectType' from unbacked caller 0x0f859bd5",
            "HTMLive.exe resolved API 'GetThemeAppProperties' from unbacked caller 0x093030af",
            "HTMLive.exe resolved API 'CreateFileW' from unbacked caller 0x07b2ff60",
            "HTMLive.exe resolved API 'ReleaseDC' from unbacked caller 0x093860a1",
            "HTMLive.exe resolved API 'CoGetObjectContext' from unbacked caller 0x0930f339",
            "HTMLive.exe resolved API 'DefWindowProcW' from unbacked caller 0x012ad246",
            "HTMLive.exe resolved API 'OpenThemeData' from unbacked caller 0x09303425",
            "HTMLive.exe resolved API 'GetThemeAppPropertiesW' from unbacked caller 0x093030af",
            "HTMLive.exe resolved API 'GetDlgItem' from unbacked caller 0x09382810",
            "HTMLive.exe resolved API 'ActivateActCtx' from unbacked caller 0x09380b41",
            "HTMLive.exe resolved API 'GetBkMode' from unbacked caller 0x0f85e12c",
            "HTMLive.exe resolved API 'GdipCombineRegionRegion' from unbacked caller 0x0f85e819",
            "HTMLive.exe resolved API 'SendMessage' from unbacked caller 0x09382649",
            "HTMLive.exe resolved API 'GdipRestoreGraphics' from unbacked caller 0x0f85a7eb",
            "HTMLive.exe resolved API 'GdipSaveGraphics' from unbacked caller 0x0f85a660",
            "HTMLive.exe resolved API 'CoCreateInstance' from unbacked caller 0x0930f1cf",
            "HTMLive.exe resolved API 'GetDC' from unbacked caller 0x09385f62",
            "HTMLive.exe resolved API 'GdipSetClipRectI' from unbacked caller 0x0f85a4e2",
            "HTMLive.exe resolved API 'GetDIBits' from unbacked caller 0x0f859e02",
            "HTMLive.exe resolved API 'SystemParametersInfo' from unbacked caller 0x093066cd",
            "HTMLive.exe resolved API 'GdipGetLogFontW' from unbacked caller 0x09382244",
            "HTMLive.exe resolved API 'ND_WU1' from unbacked caller 0x0930fda6",
            "HTMLive.exe resolved API 'SetParent' from unbacked caller 0x09385638",
            "HTMLive.exe resolved API 'CreateFile' from unbacked caller 0x07b2ff60",
            "HTMLive.exe resolved API 'BeginPaint' from unbacked caller 0x0f8583a9",
            "HTMLive.exe resolved API 'CreateFontIndirect' from unbacked caller 0x09382070",
            "HTMLive.exe resolved API 'GdipGetTextRenderingHint' from unbacked caller 0x0f85dafd",
            "HTMLive.exe resolved API 'SelectPalette' from unbacked caller 0x0f858ad5",
            "HTMLive.exe resolved API 'CloseThemeData' from unbacked caller 0x0f85d2c6",
            "HTMLive.exe resolved API 'SelectObject' from unbacked caller 0x0f859a7f",
            "HTMLive.exe resolved API 'SystemParametersInfo' from unbacked caller 0x0f85b12d",
            "HTMLive.exe resolved API 'CloseThemeDataW' from unbacked caller 0x0f85d2c6",
            "HTMLive.exe resolved API 'DeleteDC' from unbacked caller 0x0f85e6f8",
            "HTMLive.exe resolved API 'EndPaint' from unbacked caller 0x0f85887b",
            "HTMLive.exe resolved API 'CreateCompatibleDC' from unbacked caller 0x0f8599d3",
            "HTMLive.exe resolved API 'CoTaskMemFree' from unbacked caller 0x07f3e2dd",
            "HTMLive.exe resolved API 'Unknown API' from unbacked caller 0x09387eb3",
            "HTMLive.exe resolved API 'GetTextColor' from unbacked caller 0x0f85e0f1",
            "HTMLive.exe resolved API 'VariantToStringWithDefault' from unbacked caller 0x09387eb3",
            "HTMLive.exe resolved API 'NtQuerySystemInformation' from unbacked caller 0x07b2d626",
            "HTMLive.exe resolved API 'CreateFontIndirectW' from unbacked caller 0x09382070",
            "HTMLive.exe resolved API 'GdipTranslateWorldTransform' from unbacked caller 0x0f85a3bd",
            "HTMLive.exe resolved API 'OpenThemeDataW' from unbacked caller 0x09303425",
            "HTMLive.exe resolved API 'SystemParametersInfo' from unbacked caller 0x09302212",
            "HTMLive.exe resolved API 'ND_WU1' from unbacked caller 0x0938229f",
            "HTMLive.exe resolved API 'CreateWindowEx' from unbacked caller 0x07f3e555",
            "HTMLive.exe resolved API 'ConvertStringSecurityDescriptorToSecurityDescriptorW' from unbacked caller 0x0930fb63",
            "HTMLive.exe resolved API 'SelectClipRgn' from unbacked caller 0x0f85c8e7",
            "HTMLive.exe resolved API 'SendMessageW' from unbacked caller 0x09382649",
            "HTMLive.exe resolved API 'Unknown API' from unbacked caller 0x09387de8",
            "HTMLive.exe resolved API 'SxsLookupClrGuid' from unbacked caller 0x0930f339",
            "HTMLive.exe resolved API 'CreateWindowExW' from unbacked caller 0x07f3e555",
            "HTMLive.exe resolved API 'SetWindowLongW' from unbacked caller 0x07f3ecf0",
            "HTMLive.exe resolved API 'CreateDIBSection' from unbacked caller 0x0f859c6c",
            "HTMLive.exe resolved API 'DrawThemeBackgroundW' from unbacked caller 0x0f85d0a3",
            "HTMLive.exe resolved API 'SystemParametersInfoW' from unbacked caller 0x09302212"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_library_load",
      "description": "Loads a new DLL where the caller address originates from dynamically allocated (unbacked) memory",
      "categories": [
        "evasion",
        "execution",
        "fileless"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 840
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 841
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14395
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14396
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14397
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14517
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14518
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14806
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14807
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14897
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14898
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14899
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14900
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14908
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14953
        },
        {
          "unbacked_library_loads": [
            "HTMLive.exe loaded ntdll.dll from unbacked caller 0x07b2d626",
            "HTMLive.exe loaded ntdll.dll from unbacked caller 0x07b2d626",
            "HTMLive.exe loaded comctl32.dll from unbacked caller 0x0930f302",
            "HTMLive.exe loaded C:\\Windows\\SysWOW64\\ieframe.dll from unbacked caller 0x0930f302",
            "HTMLive.exe loaded user32.dll from unbacked caller 0x0930f302",
            "HTMLive.exe loaded sxs.dll from unbacked caller 0x0930f339",
            "HTMLive.exe loaded sxs.dll from unbacked caller 0x0930f339",
            "HTMLive.exe loaded gdi32.dll from unbacked caller 0x0930fb63",
            "HTMLive.exe loaded C:\\Windows\\System32\\dataexchange.dll from unbacked caller 0x0930fb63",
            "HTMLive.exe loaded C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll from unbacked caller 0x09387de8",
            "HTMLive.exe loaded C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll from unbacked caller 0x09387de8",
            "HTMLive.exe loaded OLEAUT32.dll from unbacked caller 0x09387de8",
            "HTMLive.exe loaded OLEAUT32.dll from unbacked caller 0x09387de8",
            "HTMLive.exe loaded PROPSYS.dll from unbacked caller 0x09387eb3",
            "HTMLive.exe loaded msIso.dll from unbacked caller 0x09387eb3"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_memory_protection_alteration",
      "description": "Altered memory protections from dynamically allocated (unbacked) memory, indicative of self-modifying shellcode or memory patching",
      "categories": [
        "evasion",
        "stealth",
        "fileless",
        "shellcode"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 20,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 1055
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1057
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1058
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 1060
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14399
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14400
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14406
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14407
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14408
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14409
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14412
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14421
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14422
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14424
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14425
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14534
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14536
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14537
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14538
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14572
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14573
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14575
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14576
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14732
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14734
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14757
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14758
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14810
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14811
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14817
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14818
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14819
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14820
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14823
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14833
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14834
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14835
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14836
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14837
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14838
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14850
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14851
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14873
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14875
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14877
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14879
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14896
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14902
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14903
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14905
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14906
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14910
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14946
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14948
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14949
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14950
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14951
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14955
        },
        {
          "unbacked_memory_protection_alterations": [
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x07f3e24a",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x07f3e24a",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x07f3e2dd",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x07f3e2dd",
            "HTMLive.exe changed memory protection at 0x754dd000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x754dd000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x726cf000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x77029000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x77029000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x726cd000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x726cd000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x754dd000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x754dd000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x754dd000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x754dd000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x759a8000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x759a8000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x759a8000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x759a8000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x759a8000 to 0x00000004 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x759a8000 to 0x00000002 from unbacked caller 0x0930f339",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x755b2000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x755b2000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7263d000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7263d000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x77029000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x77029000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721ce000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721ce000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7263d000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7263d000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x721d2000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x0930fb63",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x09387de8",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x09387de8",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000004 from unbacked caller 0x09387de8",
            "HTMLive.exe changed memory protection at 0x7418b000 to 0x00000002 from unbacked caller 0x09387de8",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x76872000 to 0x00000004 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x76872000 to 0x00000002 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000004 from unbacked caller 0x09387eb3",
            "HTMLive.exe changed memory protection at 0x7322b000 to 0x00000002 from unbacked caller 0x09387eb3"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_com_instantiation",
      "description": "Attempted to use a COM object (CoCreateInstance) from dynamically allocated (unbacked) memory, possibly for WMI reconnaissance or DCOM lateral movement",
      "categories": [
        "execution",
        "discovery",
        "lateral_movement",
        "fileless"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 80,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 14398
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14423
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14428
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14808
        },
        {
          "unbacked_com_instantiations": [
            "HTMLive.exe instantiated COM object 8856F961-340A-11D0-A96B-00C04FD705A2 from unbacked caller 0x0930f302",
            "HTMLive.exe instantiated COM object 00000346-0000-0000-C000-000000000046 from unbacked caller 0x0930f339",
            "HTMLive.exe instantiated COM object 0000034B-0000-0000-C000-000000000046 from unbacked caller 0x0930f339",
            "HTMLive.exe instantiated COM object 9FC8E510-A27C-4B3B-B9A3-BF65F00256A8 from unbacked caller 0x0930fb63"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "unbacked_token_manipulation",
      "description": "Attempted to open, duplicate, or impersonate an access token from dynamically allocated (unbacked) memory, indicative credential theft or lateral movement",
      "categories": [
        "privilege_escalation",
        "credential_access",
        "lateral_movement"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "type": "call",
          "pid": 4500,
          "cid": 14427
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14565
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14598
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14627
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14652
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14675
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14698
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14777
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14842
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14853
        },
        {
          "type": "call",
          "pid": 4500,
          "cid": 14870
        },
        {
          "unbacked_token_manipulations": [
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930f339",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63",
            "HTMLive.exe invoked NtOpenProcessToken from unbacked caller 0x0930fb63"
          ]
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    },
    {
      "name": "pe_deep_entrypoint",
      "description": "The PE entry point is located unusually far into section, indicative of an appended packer stub that jumps to the original entry point (OEP)",
      "categories": [
        "static",
        "packer",
        "evasion",
        "anomaly"
      ],
      "severity": 3,
      "weight": 1,
      "confidence": 100,
      "references": [],
      "data": [
        {
          "anomaly_description": "The PE entry point (0x224ee) is located 100.0% deep into the '.text' section. Normal compilers place the EP near the beginning. This strongly indicates an appended packer stub or shellcode.",
          "entry_point": "0x224ee",
          "section_name": ".text",
          "section_virtual_address": "0x2000",
          "section_virtual_size": "0x204f4",
          "offset_bytes": "0x204ee",
          "depth_percentage": 100.0,
          "section_entropy": 5.73
        }
      ],
      "new_data": [],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 9.0,
  "ttps": [
    {
      "signature": "stealth_network",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "mouse_movement_detect",
      "ttps": [
        "T1497"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "antivm_checks_available_memory",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "unbacked_syscall_execution",
      "ttps": [
        "T1055",
        "T1106"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "privilege_elevation_check",
      "ttps": [
        "T1033",
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "query_fips_reconnaissance",
      "ttps": [
        "T1082"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "registers_vectored_exception_handler",
      "ttps": [
        "T1055",
        "T1574"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "infostealer_cookies",
      "ttps": [
        "T1539"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "unbacked_process_mitigation_alteration",
      "ttps": [
        "T1562"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "unbacked_api_resolution",
      "ttps": [
        "T1129",
        "T1055"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "unbacked_library_load",
      "ttps": [
        "T1129",
        "T1059"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "unbacked_memory_protection_alteration",
      "ttps": [
        "T1055"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "unbacked_com_instantiation",
      "ttps": [
        "T1047"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    },
    {
      "signature": "pe_deep_entrypoint",
      "ttps": [
        "T1027"
      ],
      "mbcs": [
        "E1027"
      ]
    },
    {
      "signature": "packer_unknown_pe_section_name",
      "ttps": [
        "T1027.002",
        "T1027"
      ],
      "mbcs": [
        "OB0001",
        "OB0002",
        "OB0006",
        "F0001"
      ]
    },
    {
      "signature": "static_pe_pdbpath",
      "ttps": [
        "T1071"
      ],
      "mbcs": [
        "OC0006",
        "C0002",
        "OC0006",
        "C0002"
      ]
    }
  ],
  "malstatus": "Malicious"
}